| Home | Savings | Checking | Loans | Credit Cards | Mortgage | Insurance | Investments | Rates | Calculators |
| About Us | News | Events | Careers | Students | Contact Us |
|
Credit Card Login
Mortgage Login
Insurance Quotes
Self-directed Online
Trading
Mortgage Application
Help Me:
Make Home
Improvements
Buy a Car
Pay for college
Plan Investments
Consolidate Debt
Open an account
Set up Direct Deposit
Apply for a loan
Get rates
Order checks
Get online access
Open an IRA
Open an HSA
Meet our Supervisory
Committee
This one is coming from 1-800-235-7738. The name being used is Rebecca Wells and she's asking if the member received their debit card and if they want to activate it. This is a scam as AmeriCU will not call any member to activate their card.
A flurry of Zeus Bot attacks have been occurring at credit unions throughout the country. Zeus Bot is a particularly nasty malware that is bypassing top AntiVirus / Malware scanners. Once infected it waits for the user to login to their online banking, logs the credentials, then pops up a screen that asks the user to further verify their login by entering their credit card data. All information gathered is sent back the the attackers. While some users may be skeptical and not enter their data, the damage is already done. The online banking credentials have been compromised.
If you receive a screen asking you to enter credit card information after logging in to Online Banking, please shut down your computer and notify the credit union immediately.
Previous recent scams/threats:
Our members are being contacted with a new phone scam. It comes from 231-732-2737 or 517-933-2030 and they say they are from "Credit Card Services" or "Visa Services". They try and get members to confirm the last four digits of their credit/debit card by letting them know that because they use their VISA card they were being given a $100 and/or $120 gift card for gas rebates. They tell the member that they will only be responsible for shipping/handling for $2.95. This is a scam. As always, The best prevention in this scenario is to never give out personal information over the phone.
Our members are being contacted via the following number: 1-256-489-4400*. (This is a legitimate company called Live Course Capital).
This is an automated call and asks members to push certain numbers and key in information on their card. If no one answers, then it leaves a 1-800-245-9655* number for them to call back...which goes to another legitimate credit union or bank. Both numbers were stolen from these companies. We believe the goal of the original call is to get a physical person to answer — one that will actually give them personal information.
* The phone numbers may differ from those above. The best prevention in this scenario is to never give out personal information over the phone, especially to an automated call.
For more information on this type of scam, see our Vishing information below.
AmeriCU is committed to keeping our members informed about current security issues, and to facilitate a safe online experience. This section provides some general information about current issues as well as additional resources.
- OnGuard Online: practical tips from the federal government and the technology industry
- Reducing your chances of being a victim of ID Theft
- Deter-Detect-Defend Avoid Identity Theft
- US Dept. of Justice Identity Theft and Identity Fraud Information
- Credit Card Shaving: Scammers Go Low-Tech With Trick (article from Creditcards.com)
TraceSecurity SiteAssure Toolbar
TraceSecurity is a leading provider of on-demand security compliance software and services. The company's enterprise software helps customers satisfy national and international data security compliance requirements mandated by such regulations as Sarbanes-Oxley, GLBA and HIPAA. Over 150 global enterprises in the financial services, insurance, energy, government, manufacturing and services industries rely on TraceSecurity to continually monitor and improve the computer security of their companies.
AmeriCU Credit Union employs TraceSecurity's SiteAssure program. SiteAssure'’s groundbreaking patent pending web authentication technology cross references every web page domain with the corresponding IP address. This information is validated against the secure SiteAssure White List.
Participating sites that have been validated will display an Authenticated notification as well as posting the name of the organization the user is visiting. If a malicious site attempts to impersonate a legitimate web site it will fail authentication and a "Not Approved" message will be displayed. In addition, if a malicious site were to perform a man in the middle type of attack, SiteAssure would catch the IP address difference and warn the user with a "Malicious" notice.
SiteAssure was developed in the Labs of TraceSecurity Inc. to promote and insure safe Internet Browsing, ECommerce, Internet Banking and other potential threats regarding ID Theft and Fraud.
Trace SiteAssure Benefits include:
- Safe and Secure Web Browsing
- Authentication and Verification of Transactional Web Sites
- "White List" for Protection as Opposed to a "Black List" Competing Solutions (Black List must be constantly updated whereas White List Method is always current and protecting)
- Corporate Sponsored Authentication Program (SiteAssure Manager)
- SiteAssure Toolbar allows you to add Allowed Sites to your Approved List. In addition, Toolbar users are encouraged to recommend sites for submittal into the standard Database.
DOWNLOAD the TraceSecurity SiteAssure Toolbar
Phishing (fish'ing) n. the practice of luring unsuspecting Internet users to a fake Web site by using authentic-looking email with the real organization's logo, in an attempt to steal passwords, financial or personal information, or introduce a virus attack;
Vishing: (vish'ing) n. the criminal practice of using social engineering and Voice over Internet Protocol (VoIP) telephony to gain access to private personal and financial information from the public for the purpose of financial reward.
NCUA Express Scam
A fraudulent e-mail seeking credit card information (known as a "phishing fraud") has been circulating nationwide since 2 p.m. EST today. This fraudulent phishing email appears to be from NCUA and contains a link purportedly to obtain a subscription for the NCUA Express Subscription service. When that link is used, the recipient is directed to a "clone" of the NCUA Express Service site that seeks credit card information from those to whom the phish was sent. If you receive such an email, please ignore it, as it is fraudulent. The NCUA does NOT charge for the Express Subscription service and does NOT solicit credit card information over the Internet. If you have questions or comments, please contact the NCUA Fraud Hotline at 800-827-9650 or, during off duty hours, at 703-728-0700
Other Current Scams
"Vishing" Scams
You have been warned numerous times about "phishing" scams in which crooks send e-mails claiming to be from legitimate financial institutions, companies, or government agencies asking consumers to "verify" or "re-submit" confidential information such as bank account and credit card numbers, Social Security Numbers, passwords, and personal identification numbers. A variant on that approach using telephone systems, vishing, is increasingly being used to obtain this information from unwary consumers.
Consumers are becoming more aware that an e-mail they receive containing a link or other contact information could be malicious in nature. So criminals are moving away from primarily using email as a method to gain confidential information to using methods victims are more familiar with, like calling a number. In essence, vishing is the criminal practice of using social engineering and Voice over Internet Protocol (VoIP) telephony to gain access to private personal and financial information from the public for the purpose of financial reward. The term vishing is a combination of "voice" and phishing. Vishing exploits the public's trust in landline telephone services, which have traditionally terminated in physical locations, are known to the telephone company, and are associated with a bill-payer. The victim is often unaware that VoIP allows for caller ID spoofing thus providing anonymity for the criminal caller. Vishing is attractive to criminals because VoIP service is fairly inexpensive, especially for long distance, making it cheap to make fake calls. In addition, because it’s web-based, criminals can use software programs to create phony automated customer call center service lines.
An example of a vishing scam is when a consumer receives a recorded message telling them that their credit card and/or financial institution account has been breached and to immediately call a number provided in the recorded message. The phone number provided in the message leads the consumer to a "fraudulent call center" established by the perpetrator of the fraud. The perpetrator then attempts to obtain confidential account information and login credentials in order to access the account. A twist on this scam is when the recorded message provides the address of a fraudulent website for the consumer to access (instead of a telephone number) and to provide certain information to reinstate the supposedly affected account(s).
Vishing is very hard for authorities to monitor or trace. To protect themselves, consumers are advised to be highly suspicious when receiving messages (telephone, email, or otherwise) directing them to call and provide personal, confidential, and/or account related information. Rather than provide any information, the consumer should contact their financial institution or credit card company directly to verify the validity of the message using contact information they already have in their possession (i.e. do not use contact information provided in the suspicious message).
"Phishing" Scams
AmeriCU Credit Union has been informed of a phishing scam being sent from the following email addresses:
AmeriCU Credit Union [mailto:customerservice@americu.org]
or
[mailto:support@americu.org]
Please be aware these emails are not from AmeriCU Credit Union. If you received an email referring you to online access enrollment and asking you to enter your debit card information, DO NOT respond, as this is a fraudulent email and an attempt to gain your personal information. AmeriCU Credit Union will never contact our members by email asking you to verify account details.
Please note these emails may contain the NCUA (National Credit Union Association) logo, but this email is not from the NCUA. This logo has been added to the phishing scam to try and encourage you to respond. This is a fraudulent email and has no affiliation with the NCUA.
The phishing scam is an attempt to have you log in to a fake Website which looks remarkably like our actual Website. Please note that there are two easy and clear identifiers that guarantee you have reached AmeriCU Credit Union's Online Banking Login Page. This is the Website's address located in the address bar of your browser:
And the "Secure" lock located in the lower-right of your Web Browser:
Both of these must be visible in your browser.
If you double-click on the yellow pad lock, you can view our Verisign Certificate details. These details verify AmeriCU's Website and ensure that you have reached the authentic Login Page. If the certificate is not issued by Verisign and is not for the Website www2.americu.org, then the site is not valid. Please be sure to check the spelling.
(Your details view may vary slightly from the examples depending upon your browser and operating system)
If you receive an email asking you to log in to your account to verify details, please remember it is not from us and you should notify us immediately either via email or telephone.
We have contacted the authorities and are taking action.