- Equifax Data Breach – September 11, 2017
- Shopping Online?
- Arby’s Restaurant Fraud Alert- February 13, 2017
- Wendy’s says malware affected over 1,000 locations – July 12, 2016
- NCUA warns of spoofing text messages – March 26, 2015
- National Credit Union Administration warns of scammers using similar website logo and design – March 17, 2015
- Don’t Get Phished – What You Can Do to Protect Yourself!
- Home Depot Data Breach
- Several members have reported receiving “phishing” phone calls.
- Latest Software Vulnerability - OpenSSL Heartbleed Bug - April 16, 2014
- Target Data Breach Update – January 13, 2014.
- Target Stores Fraud Alert
- Global Payments Card Breach Could Increase Phishing
- Be Vigilant for Fraud this Holiday Season
- Telephone Scam Alert
- Bogus Text Messaging
- Phone Scam
- Security breach at Heartland Payment Systems
- VISA Security and C V V 2 numbersPhishing is just like fishing
- Internet scam using NCUA
Equifax Data Breach – September 11, 2017
Your Credit Union maintains the safety and security of its members’ personal information as a top priority. In light of the recent Equifax data breach, protective measures you can take are provided here for consideration. Learn more >
Shopping Online or ordering from a TV commercial? Beware of those FREE Trial offers. By accepting, you may have signed up for automatic delivery whether you want it or not. Learn more >
Members who used their credit or debit cards at Arby’s during that time period are encouraged to be vigilant by monitoring their account(s) for unauthorized activity.
If you are concerned that your card is a part of that security breach, please call the VISA Department. We can block your card at your request. We also now offer Instant Issue debit cards that can be picked up at any of our branches within 1-2 business days.
We will be monitoring this situation and will update you with any new information as it become available.
Wendy’s says malware affected over 1,000 locations – July 12, 2016
Last week, Wendy’s made a public disclosure that they were a victim of malicious cyber activity targeting customer payment card information. The breach is believed to have begun in late 2015.
Members who used their credit or debit cards at Wendy’s are encouraged to be vigilant by monitoring their account(s) for unauthorized activity.
Wendy’s has arranged to offer one year complimentary fraud consultation and identity restoration services to all customers who used a payment card at a potentially affected restaurant during the time when the restaurant may have been affected.
If you would like more information, call Wendy’s toll-free number 1-866-779-0485 between 8:00am to 5:30 pm CST. You may also go to their website for the latest updates on this data compromise. https://www.wendys.com/en-us/about-wendys/the-wendys-company-updates
If any members wish to close they debit and/or credit card as a precaution, please contact Member Services at 410-828-4730.
NCUA warns of spoofing text messages – March 26, 2015
The National Credit Union Administration is alerting consumers that texts they receive from an agency telephone line, 703-518-6301, asking for personal information are not coming from NCUA.
This attempted fraud scam is called “spoofing." The perpetrators are able to mimic a telephone number to generate text messages. The texts may warn of a debit card reaching its limit or use some other trick to persuade individuals to provide personal information or go to a malicious website. Consumers should not click on links in the message, provide information to any websites referenced in the message nor attempt to conduct any financial transactions through those websites.
More than 40 consumers around the country received text messages yesterday.
Consumers receiving these texts should contact NCUA’s Consumer Assistance Center Hotline at 800-755-1030. NCUA also offers information about avoiding frauds and scams at MyCreditUnion.gov. Consumers who suspect they may have become victims of identity theft should immediately contact their financial institutions and, if necessary, close existing accounts and open new ones. When identity theft occurs, NCUA urges consumers also contact the three major credit bureaus—Equifax (800-525-6285), Experian (888-397-3742) and TransUnion (800-680-7289)—to request a fraud alert be placed on their credit reports.
National Credit Union Administration warns of scammers using similar website logo and design – March 17, 2015
The National Credit Union Administration has received reports of an online phishing scam that uses a website with a logo and a design similar to the agency’s own site in an attempt to convince unwary customers to provide information or send money.
Consumers have received emails from a National Credit Union website, which apparently originates in Australia and claims to offer services in the United States, Europe and the Commonwealth of Independent States. This website is not affiliated in any way with the National Credit Union Administration, a federal agency whose website is www.ncua.gov and the emails being sent to consumers are not from NCUA.
Consumers receiving such emails should call NCUA’s Fraud Hotline toll-free at 800-827-9650 or 703-518-6550 in the Washington, D.C., area. Consumers should also contact the Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center. NCUA also offers information about avoiding frauds and scams on its MyCreditUnion.gov website.
Home Depot Data Breach
Credit Union members with VISA Debit or Credit Cards included in the recent data breach will be receiving personalized letters from the Credit Union in the coming days.
The letter explains that the Credit Union will: (1) continue to monitor the affected accounts for fraudulent activity and (2) issue new debit or credit cards with new card numbers to those members.
If you receive a letter, please note the specific instructions and dates for making a smooth transition from your current to your newly-issued card.
Your understanding is much appreciated as we work through this unfortunate situation.
Last week, we reported the news concerning a possible data breach involving 2,200 Home Depot stores across the United States.
Home Depot officials have now confirmed that a data breach has taken place. For more information about this situation, visit www.homedepot.com.
We have not received information from VISA confirming whether any of our cardholder accounts have been affected. Once we receive specifics, those members will receive personalized letters clearly explaining our action plan to reduce their risk.
In the meantime, members that have used their SmartCash Debit Card or VISA Credit Card at Home Depot should monitor their account and contact the Credit Union if they notice any unusual activity. You may also make a request for us to issue you a new debit or credit card.
Please be assured, we will continue to monitor the situation and provide additional details as they become available.
Several members have reported receiving “phishing” phone calls.
Your Credit Union will never call, email or text you and ask for your account information. Please do not give these callers any account numbers, debit or credit card numbers, Social Security numbers or any of your personal and confidential information. Should you receive a suspicious call, please call Member Services to report them. You can also report phishing calls to the Federal Trade Commission at www.ftc.gov.
Latest Software Vulnerability - OpenSSL Heartbleed Bug - April 16, 2014
You may have heard the recent news reports about the OpenSSL Heartbleed bug. Some companies use a software program called OpenSSL to securely transmit data over the Internet by means of encryption.
Security researchers discovered that this program had a weakness that may allow attackers to decrypt login credentials.
Your Credit Union does not use OpenSSL on its servers or personal computers.
Our vendor partners are aware of this issue and have proactively taken steps to install software patches to fix the problem and eliminate the risk to members that use our on-line services. We have no evidence that this weakness has been exploited.
If we believe further communication is needed on this topic, we will provide an additional update on this page.
Target Data Breach Update – January 13, 2014.
Because the security of our members’ account information is our top priority, we have decided to issue new SmartCash VISA Check Cards (Debit) and VISA Platinum Credit Cards to those members whose card information was included in the Target Store Data Breach.
This reissue is only for cards that were used at Target stores during the time period of November 27 – December 15, 2013. If your card information was included in the Target Store Data Breach, you will be receiving a special letter of notification from us and we will be mailing you a new card within the next few weeks.
In the meantime, you can continue to use your current card until you receive the new one…unless suspicious activity necessitates deactivating the card sooner. We are sorry for any inconvenience but wanted to be proactive to help minimize any possible fraudulent activity.
For more information about the Target data breach, please click here.
Target Stores Fraud Alert –12/23/13
Target has information on their website to address concerns from customers who may have been affected by the data breach that occurred in their stores between November 27th and December 15th. Credit Union members who shopped at Target during that period of time should diligently monitor their accounts for any possible fraudulent activity. We have stepped up the monitoring of the activity associated with the data breach and will update you as needed about your debit or credit cards issued by the Credit Union. For more information about the Target data breach, please click here.
Global Payments Card Breach Could Increase Phishing – 4/5/2012
On the heels of the recent Global Payments breach, we are warning members of the potential for increased phishing attacks. These attacks could also target members who were not impacted by the recent card breach.
We are alerting members to be aware of any suspicious emails, text messages or phone calls requesting any personal or financial information. The next several days and weeks are critical.
The card information that may be requested includes: cardholder billing address; 3-digit CVV2/CVC2 code found on the back of the card; or enrollment criteria/passwords for Verified by VISA or MasterCard SecureCode. This card information was not part of the recent Global Payments breach. Criminals, however, may ask for this information to add to the other card data they may have obtained from the breach in order to perform illegal card transactions.
If a member receives a suspicious email, text or phone call, please contact the Credit Union immediately. Being aware of a potential phishing scheme may help curb the chances for ID Theft that may result from the recent Global Payments card breach.
Note: Your Credit Union will NEVER call you to ask for personal or confidential account information.
Be Vigilant for Fraud this Holiday Season – 11/30/2011
With the holiday season upon us, be on guard for scams. Especially when shopping on the internet, you are even more prone to being a target.
Remember that legitimate financial organizations, such as your Credit Union, never request personal financial information through an email and never include attachments in emails. Should you receive unusual emails like this, you are best to delete them.
Also, be careful should you receive an email from your "system administrator" asking you to perform maintenance on your account. This is a widespread phishing scam that many banking customers have fallen victim to.
Even emails that appear to be from friends should be opened with caution. e-Card scams are widespread including those adorable animated holiday e-Cards that have been known to redirect viewers to a site with malware.
Needless to say, emails from desperate, wealthy people in foreign countries who need help securing their funds into a U.S. bank can be deleted guilt-free!
For more details, check out www.fightidentitytheft.com
Members of Credit Unions as well as banking customers have reported receving calls from 1-718-683-3104 stating that there has been fraud on their VISA debit card. The caller then asks for the card and PIN so that the client can be identified. The 718 phone number comes back to the sales office of the Laditude Condos in Riverside, New York. A google search shows multiple reports of that telephone number being used in similar scams. No one from the Credit Union will ever call you and ask for your card and PIN number. Please be aware.
In the last few days, credit unions from around the country have reported their members are receiving bogus text message (smishing) alerts. The text message indicates it is from Credit Union Services and advises the member to call the number provided in the text message to have their card reactivated.
This is a scam as no credit union would ever ask a member for this type of information using text messaging. Credit Unions have reported multiple phone numbers provided in text messages sent to credit union members to call to have their card reactivated.
Because of the increase in both smishing (text message phishing) and vishing (phone call phishing) attempts directed towards members asking for personal or financial information, we are alerting members to never respond to this type of request.
In fact, never respond to any type of request for personal or financial information being requested by text, phone or email.
If you are able...capture the telephone number used by the fraudster, report the number to the Federal Trade Commission at email@example.com
Diligent members and non-members have informed us of a "vishing" scam which uses telephone recordings to lure unsuspecting consumers into disclosing their personal account information.
Random calls are being made to members and non-members telling them their credit or debit card account has been compromised and that they will need to provide their account number and PIN verification.
YOUR CREDIT UNION WILL NEVER CALL OR EMAIL YOU ASKING FOR YOUR ACCOUNT INFORMATION.
Other credit unions are experiencing similar scenarios. Findings suggest that fraudsters do not know if the household is actually a Credit Union member. They count on the volume of false calls to produce their desired results. Unfortunately, this is a widespread problem affecting financial institutions around the country.
If you inadvertently respond to one of these calls and provide your confidential information, please notify us immediately.
Security Breach at Heartland Payment Systems – 2/17/2009
The Baltimore County Employees Federal Credit Union has learned that there was a security breach at Heartland Payment Systems, a card processor for retail merchants based in Princeton, New Jersey.
Information that may have been compromised includes debit and credit card numbers, cardholder names, and card expiration dates. According to a press release issued by Heartland, no personal information such as addresses, phone numbers, PINs, or social security numbers was exposed.
These types of breaches sometimes occur through no fault or involvement of your Credit Union. Please be assured that we have sophisticated plastic card monitoring programs in place and have increased the monitoring of all accounts. Your Credit Union receives alerts of unusual account activity and potential fraud on a daily basis, and will contact you directly should this occur.
For this reason, the Credit Union does not intend to cancel or reissue any member cards at this time. We encourage you to review your statements and if you notice any discrepancies or suspicious activity, please contact our VISA Department at 410-828-4730 or 1-800-234-4730, option 3.
VISA Security Alert Criminal seeking account information are at it again!
New techniques are being applied to previously used schemes. In a new twist on traditional forms of "phishing," criminals are now targeting your C V V 2 information.
C V V 2 (Card Verification Value) is a three-digit code on the back of your card used during telephone or internet-based transactions. C V V 2 was implemented by credit card companies as a way to authenticate the actual card with the cardholder and reduce fraud.
In these new schemes, criminals posing as representatives of credit card companies communicate to you with urgency about a possible fraud scenario involving your card. During this process, you are then duped into revealing your C V V 2 number.
Your Credit Union will never ask you to reveal your C V V 2, PIN, or any other number because we have your account information on file.
Your Credit Union will never send you an email telling you our website is down and suggest that you access your account from an alternate website provided through a "convenient" link. These are examples of outright scams.
Today's technology offers great convenience for members in handling their finances. It also offers criminals countless ways to creatively scam unwary consumers.
"PHISHING" is just like fishing.
An alarming trend in internet piracy is called "phishing" (pronounced fishing)... which is exactly what the thieves are doing–fishing for your personal financial information.
"Phishing" thieves are desperately in search of account numbers, passwords, Social Security numbers, and other confidential information that they can use to loot your checking account or run up your credit card bills. If these individuals are successful, you could find yourself a victim of identity theft. With your identity, a thief has the ability to take out loans, obtain credit cards, and even acquire a driver's license in your name. This can result in serious damage to your financial history, cost thousands of dollars to repair, and can take years to correct.
There are many ways in which a thief may try to "phish" out your personal information. One common avenue is by email. Typically you receive an email that appears to come from a reputable company, a government agency, or even the Credit Union. It may warn of a serious problem that requires your immediate attention. Often, by following their instructions, you are redirected to a phony web site that looks exactly like the real thing. The unsuspecting person, desiring to remedy the problem with their account will start to provide their personal information. Now, the internet thieves have pertinent information about you to continue their scam on your personal finances.
Remember these helpful hints:
- Never provide your personal information in response to an unsolicited request.
- If you believe an email could be legitimate and have concern about an account problem they have brought to your attention, contact the financial institution or agency yourself.
- Never provide your password over the phone or to an unsolicited email request.
- Review your account statements regularly to ensure the accuracy of all charges, transactions, and balances.
Report all suspicious email contacts to the Federal Trade Commission through the internet at www.consumer.gov/idtheft or by calling 1-877-IDTHEFT.
We have been alerted to an Internet scam targeting credit union members.
The e-mail message fraudulently shows that it is from the National Credit Union Administration (NCUA). It is addressed to credit union members advertising that they have been selected to take part in a quick and easy 5-question survey and that their responses will enable the credit union to provide improved and expanded online services.
The members are advised that their replies will be kept confidential and that in return for responding to the survey questions, $50.00 will be credited to the member's credit union account.
To receive the $50.00 award, the member is asked to provide their account number and PIN so that the $50.00 may be credited to the member's account.
The message is a scam. It is not from the NCUA. It is an attempt to obtain enough personal information relating to the member's credit union account to enable the swindlers to steal money from the account.
We have been told that the NCUA is in the process of having this phony website closed down. However, until it is closed, please be aware that it is a scam and should not be responded to by any recipient.