Security
The security of your data is extremely important to us.
Amazon impersonators: what you need to know
If Amazon contacts you to confirm a recent purchase you didn’t make or to tell you that your account has been hacked-BEWARE! According to the Federal Trade Commission, since July 2020, about one in three people who have reported a business impersonator scam say the scammer pretended to be Amazon
These scams can look a few different ways. In one version, scammers offer to “refund” you for an unauthorized purchase but “accidentally transfer” more than promised. They then ask you to send back the difference. What really happens? The scammer moves your own money from one of your bank accounts to the other (like your Savings to Checking, or vice versa) to make it look like you were refunded. Any money you send back to “Amazon” is your money (not an overpayment) — and as soon as you send it out of your account, it becomes theirs. In another version of the scam, you’re told that hackers have gotten access to your account — and the only way to supposedly protect it is to buy gift cards and share the gift card number and PIN on the back. Once that information is theirs, the money is, too.
Here are some ways to avoid an Amazon impersonator scam:
- Never call back an unknown number. Use the information on Amazon’s offical website and not a number listed in an unexpected email or text.
- Don’t pay for anything with a gift card. Gift cards are for gifts. If anyone asks you to pay with a gift card – or buy gift cards for anything other than a gift, it’s a scam.
- Don’t give remote access to someone who contacts you unexpectedly. This gives scammers easy access to your personal and financial information—like access to your bank accounts.
Beware of the Refund Scam!
You receive an unsolicited pop-up or email regarding a possible fraudulent charge on your Amazon account, or other popular online retailers, e.g. PayPal or eBay.
The scammer convinces you to download special software in order to receive an "immediate refund" for the unauthorized charge. After you do, the fraudster has you log into your online banking so they can "process the refund."
Unknowingly, by downloading their software and logging into your online banking, you just provided the fraudster with access to your bank accounts!
Once they're in, they can cause havoc with your money, including initiating money transfers out of your bank account!
Protect yourself
- If you receive a suspicious pop-up or email, verify the sender by contacting the merchant directly, e.g. sign into your Amazon account and verify the activity.
- Never download software at the request of an unknown individual. Merchants will never call you to request you to download software to obtain a refund. Doing so could install malware on your computer or device.
- Verify activity on your credit or debit card, or sign up for Visa Purchase alerts, a convenient way for you to monitor card activity outside of your normal patterns.
More scams to avoid
Several Star One members reported receiving a phone call or text from a person claiming to be from Star One's fraud department with a caller ID reflecting 866-543-5202.
The caller is impersonating a Star One employee to gain your trust with the goal of getting access to your account.
The caller may try to reassure you that it's OK to share your information—please hang up, it's not OK, EVER!
Please know that Star One employees will never call you to verify or ask for your Online Banking login information, card security codes, PINs, or a one-time passcode. One-time passcodes should never be shared with anyone!
If you have questions regarding your account information, feel free to initiate a call directly to Star One at 866-543-5202 and speak with a Call Center Representative.
The Search Engine Website Spoofing Scam
You need to contact your bank, credit union, or familiar merchant but can't remember their website address, no problem just "Google it." Seems easy and safe, right? ...
The Debit/Credit Card Fraud Scam
You receive a call from someone who says they're from your card issuer's fraud department...
The Tech Support Scam
You receive a call, email, or pop-up message from someone claiming to be from a well-known company like Microsoft, Apple or a software security company like McAfee or Norton, saying they've detected a virus or malware on your computer...
The Government Grant Scam
It starts with a call from the "Federal Grants Administration" (which doesn't exist) bringing news that you've been selected to receive a lucrative grant the government is providing to help people just like you....
The Romance Scam
You met someone online, maybe through a popular dating site, Instagram, or Facebook...
Cybersecurity Awareness Webinar
If you couldn't attend our recent security webinar, join us now and view our security webinar recording here.
Raise your awareness about the importance of personal security while online and learn about recent cyber-fraud trends and best security practices.
Recent Fraud Alerts
Beware of fraudulent Google ads!
An ad that appeared recently in some Google searches for "Star One Credit Union" turned out to be a link to a fake website that copied the exact appearance of the Star One home page.
The fake website intended to trick Star One members into entering their Online Banking user name and password. After receiving that information, the website operators could themselves log in on the real starone.org website and steal money from the members' accounts.
Avoid online scams and fraud
There are plenty of scammers out there just waiting to take advantage of someone with a trusting nature.
You can avoid being a victim of identity theft or scam attempts by staying informed and following these basic tips:
- BEWARE of fraudulent online ads that may lead you to a fake website made to look like an authentic company website.
- DO NOT respond to unsolicited e-mail.
- DO NOT click on links or open e-mail attachments from unknown individuals or businesses.
- DO NOT respond to emails threatening to close your Star One accounts. Instead, contact Star One to authenticate.
- DO NOT accept cash, checks, or other payments from unknown parties. Call issuers of suspicious payments to verify authenticity.
- DO NOT respond to IRS phone calls to collect payment. Know that the IRS corresponds ONLY through the USPS.
- DO NOT accept solicitations from unknown parties who offer things that are too good to be true.
The security of your data is extremely important to us
As a result, Star One Credit Union uses several layers of technology to prevent unauthorized users from gaining access to our internal network. Star One's security professionals manage a sophisticated networking architecture that includes screening routers, filtering routers, and firewalls.
To ensure the security of your financial information at Star One, we recommend the following:
- Never reveal your password
Passwords are case sensitive. Mixing uppercase and lowercase letters as well as symbols is encouraged. Your Online Banking password must be between 8 and 32 characters in length. We will never ask you for any password, however, your Secret Identifier is used to identify you when you call Star One Phone Representatives for help. - Don't use the same password on multiple sites
Don't use the same password or a simple password scheme (e.g. smith1, smith2, etc.) on multiple websites. Make your Star One Online Banking password be unique as a best practice.
- Change your Online Banking password regularly
We recommend that you change your password often. Log in to Online Banking and select the "My Settings" link to do so.
- Use the Logout link to end your Online Banking session
Do not click the "X". Signing off will delete your Online Banking session cookie. Failure to do so may hinder your ability to log in again. Otherwise, you may close out your browser to delete your session cookie.
- Balance your account regularly
Report any discrepancies in a timely manner.
Star One Credit Union has been certified with a secure certificate from VeriSign to communicate via Secure Sockets Layer (SSL) technology. Digital certificates act as a digital ID that users or computers are authentic. To check any site certificate, double-click on the closed lock icon in the bottom corner of your screen.
When you Enroll for Online Banking, we ask you to create your own individual User ID and Password.
Star One uses Multi-Factor Authentication (MFA) to enhance our digital banking security. You can configure your preferences in “settings” to use Security Question & Answer or to use a One-Time Passcode. MFA is a security system that verifies a user’s identity by requesting multiple credentials rather than just asking for a username and password.
Our Online Banking system will automatically log you off after a set amount of time. (The default time is 20 minutes.) This reduces the risk of others accessing your information from your unattended computer.
Our computer systems are protected by a series of powerful firewalls that block unauthorized entry.
This encryption technology is classified by the U.S. Department of Defense. United States law forbids export of this technology to other countries. Star One's VeriSign® Secure Site Pro with Extended Validation certificate enables the strongest SSL encryption available, including premium security protections:
- Guaranteed 128-bit SSL encryption, with up to 256-bit SSL encryption enables strong data encryption.
- Extended Validation triggers a green address bar in most browsers, making it easy for our members to see that our site is secure.
- Daily website malware scanning ensures that our website is safe and free of malicious code.
Star One's Information systems group maintains and monitors all security systems to make sure that your accounts are safe and secure.
Star One is committed to keeping up with and utilizing the latest technology to ensure your account security in the face of constantly evolving online threats. We work closely with our Online Banking provider to ensure that new browsers meet our high security standards and can be included in our list of supported browsers.
We mail you confirmation letters whenever you make a change to your contact information, account information, or Touchtone Teller Access Code.
Member Communication E-Mails
Member Communication e-mail campaigns are sent on a regular basis to specific members for marketing reasons. They may also
be used to alert large numbers of members affected by possible fraudulent activity. It is our policy to exclude links from
all of our Member Communication e-mails in response to phishing threats. We will never ask you to disclose or verify personal
information via e-mail.
One-On-One E-Mails
During the normal course of business you may receive an e-mail from a Star One employee. For your convenience we may include links in "one-on-one"
e-mails to assist you in locating a certain online form or section of our web site. One-on-one e-mails will include the member's surname in the subject
line. We will never ask you to disclose or verify personal information via e-mail.
Secure E-Mail
We respond to all e-mails within one business day. There are two ways you can send us an e-mail.
- Log into Online Banking and click on the "Support" button located on the bottom right.
- Use our Contact Us form to send us a secure e-mail. Any data being sent is encrypted, however, we suggest that you do not send sensitive information such as credit card numbers or password information. We un-encrypt the information after it has arrived within our internal secured network. Our reply to your message will be made through unsecured e-mail and may include your surname in the subject line. Reasonable efforts will be made to remove sensitive information prior to our reply.
Unsecured E-Mail
Send an unsecured e-mail to us at service@starone.org. Our reply to your message will be made
through unsecured e-mail and will include your surname in the subject line. Reasonable efforts will be made to remove sensitive information prior to our reply.
Third Party E-Mails
You may receive e-mails from third parties who have business relationships with Star One. These vendors may send you e-mails that include links to the Star One web site. Star One is not responsible for the functionality of links included in any third party e-mail.
DO NOT OPEN e-mails from unknown sources. DELETE THEM. You may want to report the scam to the organization named in the e-mail, report it to the FTC, or forward the suspicious e-mail to the FTC at uce@ftc.gov. If Star One is named in the scam, forward the e-mail to service@starone.org.