Identity Theft & Fraud Prevention

Washington Federal will never ask our customers to validate information such as Login IDs, passwords, or PINs via email. We ask that you never give out any personal information unless you initiated the contact.

Washington Federal employs multiple layers of security including Firewalls, Intrusion Detection, Content Filtering, Virus Protection, and a host of other security measures to ensure the safety of all information, and physical property. Washington Federal will never send unsolicited emails.

If You Suspect Identity Theft has Occurred
If you are concerned that someone has unauthorized access to your personal information, please call us immediately at 1.800.961.0055 so we can take steps to help protect you. You should also consider reporting your concerns to:

• Your local law enforcement officials
• The Federal Trade Commission identity theft hotline: 1.877.IDTHEFT (1.877.438.4338)
• The Social Security Administration fraud hotline: 1.800.269.0271
• Your credit card companies
• National credit reporting organizations that can place a fraud alert on your name and Social Security Number:
  • Equifax: 1.800.525.6285
  • Experian: 1.888.397.3742
  • TransUnion 1.800.680.7289

Identity Theft
Identity Theft (or identity fraud) is the unlawful use of your personally identifying information by criminals to commit fraud or other crimes. Personally identifying information includes names, Social Security numbers, birth dates, credit card numbers, or account information. Although the term identity theft is most commonly associated with credit card fraud, thieves also use personally identifying information to obtain loans, rent property, or drain bank accounts. The Federal Trade Commission (FTC) estimates that as many as nine million Americans have their identities stolen each year. For more information from the FTC about identity theft, please visit their website.

How Identity Theft Occurs
Thieves use a variety of techniques for obtaining personally identifying information including; stealing mail or rummaging through rubbish (dumpster diving), stealing personal information in computer databases, infiltrating organizations that store large amounts of personal information, stealing wallets or purses, phishing, and pharming.

Phishing and Pharming
"Phishing" is a form of Internet fraud that aims to steal valuable information such as credit cards, social security numbers, Login IDs, and passwords. A fake website is created that is similar to that of a legitimate organization, typically a financial institution such as a bank or insurance company. An email is sent requesting that the recipient access the fake website (which will usually be a replica of a trusted site) and enter their personal details, including security access codes. The term "Phishing" comes from the analogy that internet scammers are using email bait to fish for passwords and financial data from the sea of internet users. Since hackers have a tendency of replacing "f" with "ph", the term phishing was derived. The term has evolved over the years to include not only obtaining user account details but access to all personal and financial data. The Anti-Phishing Act of 2005 is a bill introduced by US Senator Patrick Leahy (VT) to combat a type of identity theft known as phishing. The bill proposes a five-year prison sentence and/or fine for individuals who commit identity theft using falsified corporate websites or email messages.

"Pharming" is the exploitation of a vulnerability in the DNS server software that allows a hacker to acquire the Domain Name for a site, and to redirect traffic to that website to another web site. DNS servers are the machines responsible for resolving internet names into their real addresses - the "signposts" of the internet. When users type in a valid URL they are redirected to the criminals' websites instead of the intended valid website. Once the user is redirected to the fraudulent website, they will often become infected with Trojan Virus programs, worms, spyware, malware, or other virus technologies. Pharming is much more sophisticated than phishing.

Vishing
The term Vishing was coined by combining "voice" and phishing. Vishing exploits the public's trust in landline telephone services and caller ID systems. Vishing characteristics: Cardholders receive computer-generated calls claiming to be from their financial institution. The calls claim their accounts have been frozen and then direct the cardholder to call a toll-free number to leave their debit card information in order to reactivate any cards. (Most communications include something that will concern or excite the victim.) The toll-free number includes a recorded message that asks the customer to key their account number, card expiration date, and PIN. Vishing is very hard for legal authorities to monitor or trace. To protect themselves, consumers are advised to be highly suspicious when receiving messages directing them to call and provide credit card or bank numbers. Rather than provide any information, the consumer is advised to contact their bank or credit card company directly to verify the validity of the message.

Helpful Tips to Protect Yourself from Fraud and Identity Theft

• Carefully guard your Social Security card and number. Do not carry your Social Security card or your Social Security number in your wallet or purse.
• Carefully guard passwords and Debit/Credit card PIN numbers. When establishing passwords and PINs do not use obvious information such as your birth date, your mother's maiden name, the last four digits of your Social Security number, or your phone number.
• Don't give out your personal information over the phone, through the mail, or over the Internet unless you're sure that the source requesting it is trustworthy. Never respond to a cold call requesting personal information.
• To verify whether a call is legitimate, call your financial institution or visit its website using phone numbers or internet addresses from your bank statement, account documentation, or other reliable source. Do not call back a number provided over the phone or click on a link in an email.
• When you are initiating the contact, make sure that the company or financial institution verifies your identity with questions only you would know.
• Take steps to secure personal information. Secure incoming mail promptly. Mail outgoing mail from the post office or other secure mail boxes. Shred financial documents, credit card receipts, or any other personally identifying information before discarding them.
• Review your financial account history/statements regularly to identify potential fraudulent activity.
• The law requires the three major nationwide credit reporting agencies (Equifax, Experian, and TransUnion) to provide you with a free copy of your credit report annually upon request. Order copies annually and review them for accuracy and potentially fraudulent activity. You can order your free annual credit report by visiting www.AnnualCreditReport.com, calling 1.877.322.8228, or sending a written request to: Annual Credit Report Request Service, P.O. Box 105821, Atlanta, GA 30348-5281.

For more information about protecting yourself from identity theft and fraud, please visit this useful link from the FDIC: Don't Be An Online Victim.