There are various ways that fraudsters can steal information from you. Below is a listing of scams to watch out for.

• Phishing & Spear Phishing - When a fraudster attempts to obtain sensitive information by posing as someone else. Have you ever received an email from "Amazon" asking about your recent payment activity and you need to update your account immediately? You later find out that Amazon never contacted you, that's phishing. The identity thief is looking for you personal information like, password, username, credit card information.
  Spear Phishing is similar, you receive an email from an individual or business you know and trust. These are targeted attacks specific to organizations. If you receive an email from your CEO asking to transfer money immediately, but don't contact him because he is busy and will get back to you later, pause it may be hackers. Take the time to contact the person in the email to confirm before you react.
• Vishing - This is a telephone version of Phishing when you receive a phone call from a person posing as a business in an attempt to gain personal information. Be sure to verify the caller and never provide personal or payment information over the phone. Your bank or credit union will not contact you looking for this type of information.
• Smishing - Have you ever received an email notifying you that you won a free trip, just click here for details? That's not a prize waiting for you, it's a fake link that captures your personal information. If you don't know who sent you a link within a text or email the best practice is to delete the message and do not open the link.
• Social engineering - This is when a thief gains access to your personal social media passwords and poses as you. They will impersonate you asking your friends and family for money due to an emergency. To avoid this type of fraud make sure your social media privacy settings are secure.
• Ransomware - Malicious software that locks up all the files on your computer so you cannot access them. You then receive a message on your computer demanding money for the return of your files. Most times your computer becomes infected by clicking on a link within an email. Be sure your system's antivirus software is up-to-date.

How to protect yourself from credit and debit card fraud.

Card fraud happens many ways, online scams, data breaches, stolen property, mail theft. GFA monitors for threats and suspicious activity. There are ways to make sure you don't fall victim to credit or debit card fraud.

Guard your information

• Never give your personal identification, credit card, or account number to anyone over the phone unless you have initiated the call to the business you trust.
• Carry only the cards you need so there is less potential for a thief to steal.
• Shred your documents before disposing papers containing your personal information.
• Write your card and account numbers down along with expiration dates at a safe area at home. Include the phone numbers for each card company in case you need to report fraud.

Be careful how you use your card 

• After each transaction be sure you take your card back.
• Be aware of those around you when you enter your PIN number at a point of sale. Cover the keypad so those behind you cannot see your debit card Personal Identification Number.
• Look for irregularities at the ATM before using it. A skimmer may have been placed to capture your debit card information, if you notice something odd after you have inserted your card, alert the business immediately.
• Be careful when using your card online. Always make sure it is a trusted site that is secure. Only enter information on website's you are positive are legitimate.

Will you be traveling?
If you are traveling outside of MA and NH; please review our Debit Card Restrictions.

• If you are planning a trip overseas, please contact the Member Resource Department at 978-632-2542 to ensure that your debit card is not restricted in the area where you are traveling.
• To activate your new GFA Debit Card, you need to conduct an inquiry or other transaction at any ATM.
• You can change your PIN (Personal Identification Number) at any GFA ATM or by calling 800-992-3808.
• Surcharge-free use of GFA ATMs and SUM ATMs.

• Who is EnFact? The cards we issue are protected by EnFact, which is an Electronic Neural Fraud Analysis and Card Tracking software that uses a predictive model to score the likelihood of fraudulent transactions. You may be contacted by text, phone call, or email to verify suspicious transactions. Depending on the severity of the case your card may be temporarily frozen until the transaction can be confirmed. They can be reached at 1-877-253-8964 to confirm or deny transactions.

What do I do if I become a victim of fraud?

If your debit card is lost or stolen you can immediately freeze it using online banking. The next step is to contact a Better Banking Representative at 978-632-2542 so we can put a hold on your account.

If your credit card is lost or stolen call your credit card provider immediately and report the fraud.

Contact the credit bureaus immediately so they can put a fraud alert on your account.
Experian
Equifax
TransUnion

Online Banking Safety

• Keep your passwords and Personal Identification Number (PIN) confidential. Don't share your Online Banking password or PIN number with anyone. By providing your password or PIN number to another person or company, you are placing your finances and personal information at risk.
• Changing your password - Don't use a public computer or a computer on public W-iFi to change your password. Choose a password that is not easily guessed. Choose a password 6-12 characters using a combination of numbers and special characters. Be sure that your password is not your date of birth, phone number or address, these can be easily guessed.
• Look for the lock icon - Before entering personal information on a website, look for the "lock" icon in your browser. Also look to be sure the site has HTTPS in the beginning of the URL address.
• If you share a computer, be sure to log off of your online banking account so no one else can access your account information.

Mobile Banking Safety

• Be sure your mobile device has a security option such as fingerprint authentication or a passcode.
• Do not use unsecured an unsecured Wi-Fi network, fraudsters may be able to access the information being transmitted from your device.
• Research apps before you download them, the app may look like the name of your financial institution, but it may not be.
• Be aware of Phishing messages via text, GFA will not text you asking for any personal information. If you should receive a message like this, contact GFA immediately.

Skimming Devices

ATM's and even gas pumps are vulnerable to "skimming". This is when someone steals your account information by adding a magnetic strip called a card "skimmer" over the slot where you insert your debit card. Here are some ways to protect yourself from skimming:

• Avoid standalone ATMs; choose one in a well lit area or well known establishment.
• Be ready to immediately use your debit card at the ATM and leave once your transaction is complete.
• Notify the business if you feel there is something wrong with the ATM's keyboard or card slot.
• Cover the keyboard with your hand when entering the PIN, and be aware of others around you standing too close.
• If your card is not returned from the ATM notify the business/financial institution immediately.
• Do not let others use your debit card or know your PIN number.
• Do not write your PIN number on the sleeve of your debit card, memorize the number.
• Keep your car doors locked and other windows closed when at a drive-thru ATM.

What to do if you are a victim of a skimming device?

If you suspect that you have used a device with a skimmer on a GFA ATM, please contact us immediately at 978-632-2542. Contact the local police in your area to file a report. Monitor your accounts regularly, if you notice suspicious transactions report them to GFA immediately.

Business Email Compromise (BEC)

What is it?
A scam where criminals pretend to be someone you trust — like a boss, coworker, or vendor — to trick you into sending money or sensitive information.

How they do it:

• Fake email addresses that look real
• Urgent requests for wire transfers or confidential info
• Messages that say "don’t tell anyone" or "act fast"

How to protect your business:

• Always double-check money or data requests with a phone call
• Look closely at email addresses — even small changes can be fake
• Use strong security, like multi-factor authentication (MFA)
• Train your team to spot suspicious emails

Reference: www.fbi.gov/how-we-can-help-you/scams-and-safety/common-frauds-and-scams/business-email-compromise

Protecting Personal Information

Why it matters:
Keeping personal and customer information safe helps prevent fraud and protects your business reputation.

Tips for protecting information:

• Only keep what you need — don’t hold on to unnecessary data
• Lock it down — use strong passwords, limit access to files, and lock up paper records
• Keep systems up to date — install software updates and use antivirus protection
• Dispose of data safely — shred papers, wipe devices before throwing them out
• Have a plan — know what to do if there's a data breach (like who to notify and how)

Reference: www.ftc.gov/business-guidance/resources/protecting-personal-information-guide-business

Cybersecurity for Small Businesses

Why it's important:
Small businesses are big targets for cyberattacks — but you can protect yourself with a few smart steps.

How to stay safe:

• Train your employees on cybersecurity basics (like spotting phishing emails)
• Use strong passwords and change them regularly
• Back up important data in case something goes wrong
• Protect your internet devices (like routers, smart devices) with updated software
• Look for secure products — the FCC now offers a "Cyber Trust Mark" for safer tech

Reference: www.fcc.gov/communications-business-opportunities/cybersecurity-small-businesses