Franklin First College Planning Center
A History of Service
Plan, save, and succeed with the Franklin First College Planning Center. Expert guidance from birth to graduation to help plan for the best college for your children and you.
Scholarships
The Scholarship Committee of Franklin First Federal Credit Union is pleased to offer scholarships for the 2024-2025 school year to eligible students.
College Savings Calculator
Consumer Education
Beware of Job Scams
Warning Signs
According to the Better Business Bureau, 14 million people are caught up in unemployment scams every year. To protect yourself from becoming a victim, it’s important to be aware of possible warning signs. Even for sophisticated job seekers, it can be hard to tell the difference between a scam and a genuine offer.
Scammers advertise jobs the same way legitimate employers do — online (in ads, on job sites, and on social media), in newspapers, and sometimes on TV and radio. They promise you a job, but what they want is your money and your personal information.
Familiarize yourself with the warning signs and protect yourself during your search. Here are some warning signs associated with job scams and tips to help you avoid them.
You Are Asked to Provide Your Confidential Information Don’t get too personal too early. Never provide your confidential information to a potential employer before getting a job offer or an interview. Some scammers ask for your bank account information to set up direct deposit or transfer money to your account or ask you to open a new bank account and provide the information to them. Other scammers will ask questions to get information about your personal identity. They tell you to go to a website and fill out a credit report form or provide confidential information. Identity theft scams may try to get you to provide your Social Security number, birth date, and other personal information.
Contact Information for a Prospective Employer is Vague If you notice the contact information for an online job posting is a generic email, it could be a scam. Most legitimate employers post openings on their company website – in addition to a job posting website – or use a company email address. If the email doesn’t include the company’s name, it may likely be a scam. Also, watch out for interviewers who claim they need to use a personal email address due to their company’s servers being down, etc.
Search Results Don’t Add Up Before agreeing to an interview, it may be helpful to do some research. If a job opportunity is offered by a legitimate company, you should be able to find information about the company through an online search. If the information is not available online or very limited, the possibility of a scam is likely. Sophisticated scammers sometimes set up websites that look professional — However, looks can be deceiving.
Job scammers ask new employees to send money. Scammers will ask for money via Zelle, Venmo, Cashapp, and other payment networks many credit unions and banks utilize that allow you to send money instantly to someone's checking account. They may also ask you to buy gift cards. They'll also ask the new employee to provide personal information, like one's Social Security and bank account numbers, just like any job offering direct deposit and a W-2 tax form, opening the applicant up to potential identity theft.
Don’t Become a Victim, Scam Identity
Avoid Social Engineering and Phishing Attacks
What is a social engineering attack?
In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization's network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.
What is a phishing attack?
Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send an email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts. Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as:
Natural disasters (e.g., Hurricane Katrina, Indonesian tsunami)
Epidemics and health scares (e.g., H1N1, COVID-19)
Economic concerns (e.g., IRS scams)
Major political elections
Holidays
What is a vishing attack?
Vishing is the social engineering approach that leverages voice communication. This technique can be combined with other forms of social engineering that entice a victim to call a certain number and divulge sensitive information. Advanced vishing attacks can take place completely over voice communications by exploiting Voice over Internet Protocol (VoIP) solutions and broadcasting services. VoIP easily allows caller identity (ID) to be spoofed, which can take advantage of the public’s misplaced trust in the security of phone services, especially landline services. Landline communication cannot be intercepted without physical access to the line; however, this trait is not beneficial when communicating directly with a malicious actor.
What is a smishing attack?
Smishing is a form of social engineering that exploits SMS, or text, messages. Text messages can contain links to such things as webpages, email addresses or phone numbers that when clicked may automatically open a browser window or email message or dial a number. This integration of email, voice, text message, and web browser functionality increases the likelihood that users will fall victim to engineered malicious activity.
What are common indicators of phishing attempts?
Suspicious sender’s address. The sender's address may imitate a legitimate business. Cybercriminals often use an email address that closely resembles one from a reputable company by altering or omitting a few characters.
Generic greetings and signature. Both a generic greeting—such as “Dear Valued Customer” or “Sir/Ma’am”—and a lack of contact information in the signature block are strong indicators of a phishing email. A trusted organization will normally address you by name and provide their contact information.
Spoofed hyperlinks and websites. If you hover your cursor over any links in the body of the email, and the links do not match the text that appears when hovering over them, the link may be spoofed. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net). Additionally, cybercriminals may use a URL shortening service to hide the true destination of the link. Spelling and layout. Poor grammar and sentence structure, misspellings, and inconsistent formatting are other indicators of a possible phishing attempt. Reputable institutions have dedicated personnel that produce, verify, and proofread customer correspondence. Suspicious attachments. An unsolicited email requesting a user download and open an attachment is a common delivery mechanism for malware. A cybercriminal may use a false sense of urgency or importance to help persuade a user to download or open an attachment without examining it first.
How do you avoid being a victim?
Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.
Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
Don't send sensitive information over the internet before checking a website's security. (See Protecting Your Privacy for more information.)
Pay attention to the Uniform Resource Locator (URL) of a website. Look for URLs that begin with "https"—an indication that sites are secure—rather than "http.”
Look for a closed padlock icon—a sign your information will be encrypted.
If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group. (See the APWG eCrime Research Papers).
Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic. (See Understanding Firewalls for Home and Small Office Use, Protecting Against Malicious Code, and Reducing Spam for more information.)
Take advantage of any anti-phishing features offered by your email client and web browser.
Enforce multi-factor authentication (MFA). (See Supplementing Passwords for more information.)
What do you do if you think you are a victim?
If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
Watch for other signs of identity theft. (See Preventing and Responding to Identity Theft for more information.)
Consider reporting the attack to the police and file a report with the Federal Trade Commission.
Authors: Cybersecurity and Infrastructure Security Agency (CISA)
10 Tips for ATM Safety
With shorter days approaching, bringing more hours of darkness along with them, it’s more important than ever to brush up on ATM safety. Using a compromised machine can mean risking identity theft and/or having cash stolen. With this simple machine, all it takes is a few short minutes for a victim’s life to be completely ruined. Here at Franklin First FCU, we take our members’ safety very seriously. We use multiple protective measures to keep you, your information, and your money safe when you use one of our ATMs. We keep our machines well-lit, have security cameras in place and we’re careful with their placement to keep isolation to a minimum. However, it’s important for you, as a member, to be aware of basic ATM safety so your transactions are never compromised. As with all banking platforms, you are the first and best defense for protecting your personal information and your money.
Here are 10 tips to help you keep your ATM transactions completely secure.
Keep your PIN private. Your personal identification number should always be kept personal. Don’t share this number with anyone and don’t write it down anywhere or keep it stored in your phone. It’s also a good idea to choose a unique PIN for all your accounts and to change your number once a year to keep it fresh.
Check the ATM for a card skimmer. Scammers are experts at hiding their tracks and often do so by attaching a card skimmer to the payment terminal of an ATM. The skimmer fits right over the card slot and will read the card information as soon as it’s inserted. It is then passed onto the criminal, who may be hiding just a few hundred feet away. Sometimes, a skimmer is instead placed over the keypad to pick up the PIN. Look for a skimmer by checking to see if the card slot feels loose, is colored differently than the rest of the machine, or if the keypad is too thick or looks newer than the ATM.
Bring a buddy. A lone target is always more vulnerable. If possible, and especially if you’re using an ATM late at night, bring a friend along.
Be aware of your surroundings. As you use the machine, it’s crucial to be aware of your surroundings and to look for anything suspicious, like characters lurking nearby or dark cars parked in the area for far too long.
Use your body as a shield. Never let an ATM you are using be in easy view of a criminal. Stand close to the machine to block it from view and cover the keypad with your hand while you input your PIN. This way, no one will be able to steal your information just by watching you complete your transaction.
Have your debit card ready to be used. Make sure you can remove your card in just a few seconds when you reach the ATM. Those precious few moments of rummaging through your purse or wallet until you find your card can give a criminal the time they need to make their move.
Put away all cash as soon as you complete your transaction. If you’re making a withdrawal, be sure to move all cash out of sight as soon as the machine spits it out. Have your wallet or an envelope ready so this takes as short a time as possible. Never count cash in public; you can check that you’ve received the right amount when you’re safely in your car.
Lock all doors and roll up passenger windows when using a drive-thru ATM. If you’ll be remaining in your vehicle to complete your transaction, keep it as secure as possible.
If you suspect foul play, leave immediately. If something or someone looks suspicious, cancel your transaction, grab your card, and leave the area as soon as you can.
Be sure to take your receipt. Don’t leave any evidence of the transaction you just completed.
If you think you’ve been the victim of ATM fraud, report it immediately. If you report the scam within two days, your liability is capped at $50. Stay safe!
Cryptocurrency Scam Alert
As one of the hottest investments on the market, cryptocurrency has been enjoying the spotlight for quite a while, and scammers are eager to cash in on the excitement. Cryptocurrency scams are particularly nefarious since the digital currency is not regulated by any government, and once it has transferred hands it usually cannot be reclaimed. Here’s what you need to know about cryptocurrency scams and how to avoid them.
How the scams play out
There are several ways scammers are using cryptocurrency to con people out of their money.
Blackmail. In this ruse, scammers send emails to their targets, claiming they have compromising photos, videos, or embarrassing information about them. They threaten to go public with these unless the victim pays up in cryptocurrency. Of course, the scammer is lying about the materials they possess and this is illegal blackmail and extortion.
Social media. Here, a target receives a social media message appearing to be from a friend asking them to send cryptocurrency immediately to help them out of an alleged emergency. If the target complies and sends cryptocurrency to their “friend,” they’ll never see that money again.
Mining. In this scam, bogus websites lure targets into what appear to be opportunities for mining or investing in cryptocurrency. The site may even offer several investment tiers, promising bigger returns for a more significant investment. Unfortunately, any money invested through these sites can never be withdrawn.
Giveaways. These “giveaways” appear to be sponsored by celebrities or big-name cryptocurrency investors like Elon Musk. Victims are promised exponential returns for small investments in cryptocurrency or for simply sharing some personal information. Of course, none of it is real, except the loss you’ll experience if you fall victim.
Romance. Through online dating sites, scammers convince victims they have met a legitimate love interest. As the “relationship” deepens, the victim’s long-distance date starts talking about fabulous cryptocurrency opportunities with incredible returns. The victim acts upon this advice and, sadly, loses their money to the person they believed was a new romantic partner.
In each of these scams, the victim has no way of recovering the cryptocurrency they shared if an “investment” has been made. Scammers also use common spoofing technology to make it appear as if they represent a legitimate business or website. As always, when in doubt, opt out.
How to spot a cryptocurrency scam
Look out for these red flags to help you avoid cryptocurrency scams:
You’re promised big payouts with guaranteed returns for a small investment in a specific cryptocurrency.
A celebrity or famed cryptocurrency investor is sponsoring a cryptocurrency giveaway.
A friend contacts you on social media, claiming they are caught up in an emergency and need immediate rescue, but only through cryptocurrency.
You’re promised free money in cryptocurrency in exchange for sharing some personal information.
A caller, new love interest, organization, or alleged government agency insists on payment via cryptocurrency.
Be sure to follow common safety measures when online and never share personal information or money with an unverified contact. If you are unsure whether you’ve actually been contacted by a friend or an authentic business, reach out to them to learn the real deal. Finally, if you’re looking to invest in cryptocurrency, never click on an ad or email; look up secure investment sites like Robinhood and Coinbase on your own.
If you’ve been targeted
If you believe you’ve been targeted by any of the above cryptocurrency scams or a similar scheme, immediately report the scam to the FTC. If the scam was pulled off on social media, let the platform owners know so they can take appropriate measures. Finally, let your friends and family know about the circulating scam.
Cryptocurrency offers unique opportunities for beginner and experienced investors alike, but scammers are exploiting digital currency for their own schemes. Proceed with caution to keep your money and your information safe.
Lottery Scam Alert
Everyone dreams of winning the lottery, but scammers enjoy turning the dreams of others into nightmares. Lottery and sweepstakes scams are always popular, and often catch victims unaware by promising incredible wins and appearing to be from authentic sources.
Let’s take a look at lottery scams, how they play out, and how to avoid falling victim.
How the scams play out
In a typical lottery scam, the victim is notified that they’ve won a lottery or sweepstakes they may not remember entering. They may be contacted by mail, phone call, text message, or social media alert. The allegedly won prizes can be a pile of cash that numbers in the high millions, a tropical vacation, or even expensive electronic devices. The scammer often piggybacks on recognized lottery names to appear authentic, such as “Mega Millions Mobile Lottery.”
It all sounds wonderful, but here’s where things get tricky. To claim the prize, the victim is told they must pay a fee, which will allegedly cover the cost of processing the prize, taxes, courier charges, and insurance. Of course, the money can only be wired to a specific bank account or furnished via a prepaid debit card. If the victim falls for the scam and pays the fee, the scammer will continue collecting these fees and stalling the delivery of the prize. Or, they may actually send a check for a small percentage of the prize, but the check will bounce after being deposited. In other variations of the scam, the target is asked to call a phone number or click on a link to claim the prize. If they do so, they’ll then be asked to provide personal information, such as their Social Security number, checking account details, and date of birth. All of this, they’ll be told, will enable them to receive the prize. Unfortunately, this information will actually make the victim vulnerable to identity theft and more.
Recently, scammers have started hacking into people’s social media accounts and then contacting their friends and family members through their platforms to tell them they’ve won money in a lottery or sweepstakes. The victim, believing the message has been sent by someone they trust, is more likely to fall prey to the scam.
Red flags
To avoid falling prey to a lottery scam, look out for these red flags:
You’ve been notified that you won a lottery, sweepstakes or competition you know you’ve never entered.
The lottery you’ve allegedly won was drawn overseas.• The email, text message, or social media alert informing you of your win is riddled with grammar mistakes and typos.
You are warned to keep your “win” confidential.
You’re asked to pay a fee to collect your winnings.
You’re asked to share confidential information over the phone or online to claim your prize.
You’re instructed to call a specific number or click on a link to verify your prize.
Protect yourself
Follow these basic safety measures to protect yourself from a lottery scam and/or similar ruses:
Never share personal information over the phone or online with an unverified source.
Don’t click on links in emails from an unknown sender.
Never wire money to an unknown contact.
If a friend or family member appears to have sent a suspicious message, contact them directly to verify that it is actually from them. If they haven’t sent the message, let them know their social media account has been hacked.
If you’ve been targeted
If you believe you’ve been targeted and/or victimized by a lottery scam, take immediate steps to protect yourself from further harm. Contact the Federal Trade Commission at FTC.gov to let them know about the scam. If you’ve already shared information and/or money, contact your local law enforcement agencies for assistance and visit the FTC’s page on identity theft to start the recovery process. Finally, let your friends know about the circulating scam.
Playing the lottery can be a fun way to toy with chance, but falling victim to a lottery scam can be an expensive and frightening ordeal. Play it safe!