AmeriCU is committed to keeping our members informed about current security issues, and to facilitate a safe online experience. This section provides some general information about current issues as well as additional resources.

• TraceSecurity SiteAssure Toolbar
• Common Scams
• Additional Resources

TraceSecurity SiteAssure Toolbar
TraceSecurity is a leading provider of on-demand security compliance software and services. The company's enterprise software helps customers satisfy national and international data security compliance requirements mandated by such regulations as Sarbanes-Oxley, GLBA and HIPAA. Over 150 global enterprises in the financial services, insurance, energy, government, manufacturing and services industries rely on TraceSecurity to continually monitor and improve the computer security of their companies.

AmeriCU Credit Union employs TraceSecurity's SiteAssure program. SiteAssure'’s groundbreaking patent pending web authentication technology cross references every web page domain with the corresponding IP address. This information is validated against the secure SiteAssure White List.

Participating sites that have been validated will display an Authenticated notification as well as posting the name of the organization the user is visiting. If a malicious site attempts to impersonate a legitimate web site it will fail authentication and a "Not Approved" message will be displayed. In addition, if a malicious site were to perform a man in the middle type of attack, SiteAssure would catch the IP address difference and warn the user with a "Malicious" notice.

SiteAssure was developed in the Labs of TraceSecurity Inc. to promote and insure safe Internet Browsing, ECommerce, Internet Banking and other potential threats regarding ID Theft and Fraud.

Trace SiteAssure Benefits include:

• Safe and Secure Web Browsing
• Authentication and Verification of Transactional Web Sites
• "White List" for Protection as Opposed to a "Black List" Competing Solutions (Black List must be constantly updated whereas White List Method is always current and protecting)
• Corporate Sponsored Authentication Program (SiteAssure Manager)
• SiteAssure Toolbar allows you to add Allowed Sites to your Approved List. In addition, Toolbar users are encouraged to recommend sites for submittal into the standard Database.

DOWNLOAD the TraceSecurity SiteAssure Toolbar

Common Scams

"Vishing" Scams
You have been warned numerous times about "phishing" scams in which crooks send e-mails claiming to be from legitimate financial institutions, companies, or government agencies asking consumers to "verify" or "re-submit" confidential information such as bank account and credit card numbers, Social Security Numbers, passwords, and personal identification numbers. A variant on that approach using telephone systems, vishing, is increasingly being used to obtain this information from unwary consumers.

Consumers are becoming more aware that an e-mail they receive containing a link or other contact information could be malicious in nature. So criminals are moving away from primarily using email as a method to gain confidential information to using methods victims are more familiar with, like calling a number. In essence, vishing is the criminal practice of using social engineering and Voice over Internet Protocol (VoIP) telephony to gain access to private personal and financial information from the public for the purpose of financial reward. The term vishing is a combination of "voice" and phishing. Vishing exploits the public's trust in landline telephone services, which have traditionally terminated in physical locations, are known to the telephone company, and are associated with a bill-payer. The victim is often unaware that VoIP allows for caller ID spoofing thus providing anonymity for the criminal caller. Vishing is attractive to criminals because VoIP service is fairly inexpensive, especially for long distance, making it cheap to make fake calls. In addition, because it’s web-based, criminals can use software programs to create phony automated customer call center service lines.

An example of a vishing scam is when a consumer receives a recorded message telling them that their credit card and/or financial institution account has been breached and to immediately call a number provided in the recorded message. The phone number provided in the message leads the consumer to a "fraudulent call center" established by the perpetrator of the fraud. The perpetrator then attempts to obtain confidential account information and login credentials in order to access the account. A twist on this scam is when the recorded message provides the address of a fraudulent website for the consumer to access (instead of a telephone number) and to provide certain information to reinstate the supposedly affected account(s).

Vishing is very hard for authorities to monitor or trace. To protect themselves, consumers are advised to be highly suspicious when receiving messages (telephone, email, or otherwise) directing them to call and provide personal, confidential, and/or account related information. Rather than provide any information, the consumer should contact their financial institution or credit card company directly to verify the validity of the message using contact information they already have in their possession (i.e. do not use contact information provided in the suspicious message).

"Phishing" Scams
AmeriCU Credit Union has been informed of a phishing scam being sent from the following email addresses:

AmeriCU Credit Union [mailto:customerservice@americu.org]

     or

[mailto:support@americu.org]

Please be aware these emails are not from AmeriCU Credit Union. If you received an email referring you to online access enrollment and asking you to enter your debit card information, DO NOT respond, as this is a fraudulent email and an attempt to gain your personal information. AmeriCU Credit Union will never contact our members by email asking you to verify account details.

Please note these emails may contain the NCUA (National Credit Union Association) logo, but this email is not from the NCUA. This logo has been added to the phishing scam to try and encourage you to respond. This is a fraudulent email and has no affiliation with the NCUA.

The phishing scam is an attempt to have you log in to a fake Website which looks remarkably like our actual Website. Please note that there are two easy and clear identifiers that guarantee you have reached AmeriCU Credit Union's Online Banking Login Page. This is the Website's address located in the address bar of your browser:

And the "Secure" lock located in the lower-right of your Web Browser:

If you double-click on the yellow pad lock, you can view our Verisign Certificate details. These details verify AmeriCU's Website and ensure that you have reached the authentic Login Page. If the certificate is not issued by Verisign and is not for the Website www2.americu.org, then the site is not valid. Please be sure to check the spelling.