Member Security Center | AmeriCU Credit Union | Financial Safety.

Member Security Center

Articles

Facebook Scams 101: How to Spot and Avoid These Common Cons

Facebook Scams 101: How to Spot and Avoid These Common Cons

Have you ever seen a post in your Facebook feed that just seemed… sketchy?

That was your internal scam sense telling you to keep scrolling. Overall, Facebook is a secure place to share information and interact with friends, but at 2.912 billion daily active users, it’s also fertile ground for fraudsters looking for an easy target.

So how do you separate scams from legit posts? Be on alert for these common cons… Read More

What to do if your online order never arrives

What to do if your online order never arrives

We’ve all been there. During the holidays you order something online and anxiously await its arrival. But then your package doesn’t come when the seller said it would. And worse, you hear nothing. Your happy anticipation is turning to anger and frustration. So now what?…Read More

Password Identity Theft

Password Identity Theft

You could spend a good chunk of your free time each week brushing up on the ways criminals are trying to steal your information and you still wouldn’t be aware of all the devious tricks they are using. Instead of worrying yourself silly over identity theft, focus your energy on learning about how it happens, how to prevent it, and how to recover from it should you need to…Read More

We’re Committed to Your Safety & Security

AmeriCU is committed to keeping you informed about important security concerns and issues that may affect your financial safety. The information below will provide you with tools to help you better protect yourself and your identity.

We recommend reviewing the following article below:

Potential SMShing, Spam Texts, and What You Can Do!

Smshing is a form of phishing that is related to an attacker sending text or SMS messages to our employees or members. The goal of these text messages varies slightly between attackers, however, the goal of the attacker is to generally try to get money, usually in the form of gift cards. Attackers will generally try to masquerade as someone you know, such as an AmeriCU employee. Check the following details of the message to help you determine whether or not the message is real.

Sender: Check the cell phone number the message came from, if this is a known contact, it will have the senders name at the top of the message. If the contact portion of the message is just a cell phone number, it is likely not someone you know.

Message: If the message sounds urgent or is asking you to do something that is not something you would normally do, this is a red flag. If the message identifies who the sender is, contact the sender on a known phone number or send an email asking if they sent the message. Do not contact the sender on an unknown number or any other contact method you received from the text message sender.

What to Do If You Receive SMShing Messages

  • Block the sender of the text message.
  • Delete the text messages.
  • If you suspect the sender has accessed any of your online accounts, you should immediately change the password from a trusted computer or call AmeriCU to verify your account information.
  • An attacker will often try to instill panic and a sense of urgency, remind members that they should always be cautious when it comes to private financial information; do not hastily comply with unknown people, no matter the urgency they try to instill.
  • Do not reply to text messages from phone numbers you do not recognize.
  • Do not share your login information or personal and financial details over text messages. AmeriCU will never ask for sensitive information via text message.
  • Do not reply with any “verification codes.” Attackers will often say they are trying to verify your identity by sending a code, but in reality, they are likely logging into one of your accounts and asking for the security code to get in.
  • Do not reply to messages asking you to verify unknown transactions, if you suspect there was an unknown transaction, check your account statement from a trusted device or call AmeriCU immediately.
  • Sometimes attackers will send you a transaction that looks or actually IS legitimate. Do not panic and reply, immediately call AmeriCU and have them review your account with you. You may also want to have the member change any online banking passwords.

Please note: AmeriCU will NEVER contact you by phone or email and ask you to verify your account details such as debit or credit card numbers, social security number, and/or passwords. If you receive an email, text message, phone call like this, please contact us immediately and do not provide any information to the sender.

Phishing and SMShing

 

Security + Privacy

Your privacy is important to us. Here at AmeriCU, we’re committed to safeguarding your personal information. What does AmeriCU do with your personal information?

Security Services

Learn more about how AmeriCU can help you protect your identity.

Security Information + Government Resources

We’ve compiled some information from a variety of private and government sites so you have all the tools you need to make better informed security decisions.

  • ATM/Kiosk Skimming

    What is Skimming?

    A method used by criminals to capture debit or credit card data from the magnetic stripe on the back of an ATM card. However, in order to commit fraud the card data and PIN information are both needed.

    What is PIN Capturing?

    A method used by criminals to obtain your credit or debit card’s PIN information. Methods include social engineering (human interaction) techniques, strategically placed cameras, and/or false keypads to capture PIN information. Many skimming attacks use a combination of technical and social engineering techniques such as the ‘good Samaritan’ or ‘friendly and helpful’ passerby who may offer to enter your PIN for you. NEVER give your PIN to anyone!

    Remember the following to keep yourself safe when using any ATM, Kiosk or automatic payment system:

    • Cover Up! Shield your PIN entry on the ATM or Kiosk keypad with your spare hand when entering information. By protecting your PIN, criminals won’t have access to your account if your card information is compromised.
    • Stand close to the ATM and use your body as a shield as extra security to protect your card and PIN.
    • Do not accept assistance and guidance or allow just anyone to interfere with your transaction – fraudsters sometimes pose as credit union or bank officials and offer assistance or interfere with your transaction.
    • Report any unusual appearance or any difficulty using an ATM or Kiosk immediately.
    • If you suspect that a skimming device is attached to an ATM or Kiosk, DO NOT attempt to remove it or tamper with it in any way. The criminals who engage in this type of fraudulent activity are known to become violent as they are typically not far away from the scene observing.
    • Be vigilant in reviewing your account transactions frequently for irregularities or unidentifiable charges or transactions.
    • Sign up for eAlerts so you know right away if there’s fraudulent activity on your accounts.
    • Only insert your card when the ATM prompts you to do so – fraudsters may jam ATMs to create confusion with customers.
    • Don’t allow anyone to call you back to the ATM or KIOSK after transacting, requesting you to insert your card again – fraudsters use this technique to confuse customers who’ve already finalized their transactions and are busy walking away.
    • Be observant of your surroundings when transacting at the ATM. Leave the ATM immediately if you feel unsafe or when suspicious people are loitering in the area.
    • Use ATMs you are familiar with and avoid using ATMs in secluded areas or late at night. Choose ATMs in high traffic areas that are well lit.
    • Never force your card into an ATM slot.
    • If your card is trapped or captured by an ATM, do not leave the ATM. Call the debit card lost & stolen number immediately to cancel the card before leaving the ATM.
    • Do not accept an offer to use someone else’s phone when phoning your bank to cancel your card.
  • Phishing

    Phishing is the practice of luring unsuspecting internet users to a fake website by using an authentic-looking email with the real organization’s logo, in an attempt to steal passwords, financial or personal information, or introduce a virus attack.

    Please note that there are two easy and clear identifiers that guarantee you have reached AmeriCU Credit Union’s Online Banking Login Page. The website in your address bar should be https://www.americu.org/or https://www.myamericu.org/legacyob/signon/. Also, when visiting a secure site, you’ll see a picture of a lock visible in the address bar or in the lower right hand corner of the screen. Both of these must be visible in your browser to ensure your safety when logging into Online Banking.

    If you double-click on the pad lock image, you can view our Verisign Certificate details. These details verify AmeriCU’s website and ensure that you have reached the authentic login page. If the certificate is not issued by Verisign and is not for the website https://www.myamericu.org, then the site is not valid. Please be sure to check the spelling.

  • Vishing

    A variant on phishing is “vishing”, which uses telephone systems to obtain information from unwary consumers. The term vishing is a combination of voice and phishing. Vishing is the criminal practice of using social engineering and Voice over Internet Protocol (VoIP) telephone systems to gain access to private personal and financial information from the public for the purpose of financial reward.

    Consumers are becoming more aware that any email they receive containing a link or other contact information could be malicious in nature. So, criminals are using methods victims are more familiar with, like calling a number. Vishing exploits the public’s trust in telephone services, which have traditionally terminated in physical locations, are known to the telephone company, and are associated with a bill-payer. The victim is often unaware that VoIP allows for Caller ID “spoofing” and thus provides anonymity for the criminal caller. Vishing is attractive to criminals because VoIP service is fairly inexpensive, making it cheap to make fake calls. In addition, because it’s web-based, criminals can use software to create phony automated customer call center service lines.

    An example of a vishing scam is when a consumer receives a recorded message telling them that their credit card and/or financial institution account has been breached and to immediately call a number provided in the recorded message. The phone number provided in the message leads the consumer to a fraudulent call center established by the perpetrator of the fraud. The perpetrator then attempts to obtain confidential account information and login credentials in order to access the account. A twist on this scam is when the recorded message provides the address of a fraudulent website for the consumer to access (instead of a telephone number) and to provide certain information to reinstate the supposedly affected account(s).

    Vishing is very hard for authorities to monitor or trace. To protect yourself, we advise that you be highly suspicious of messages (telephone, email, or otherwise) directing you to call and provide personal, confidential, and/or account related information. Rather than provide any information, you should contact your financial institution or credit card company directly to verify the validity of the message (i.e. do not use contact information provided in the suspicious message).

  • Text Message Scams

    Similar to vishing, fraudsters may send fraudulent text messages on mobile phones advising you of issues with your account in order to gain access to private personal and financial information.

Equifax, a major credit reporting agency, recently announced a cybersecurity breach potentially impacting approximately 143 million U.S. consumers. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. Please be assured that AmeriCU’s systems were NOT compromised. We have the highest level of security possible and take every precaution to safeguard and protect your accounts and personal information.

Equifax has established a dedicated website, www.equifaxsecurity2017.com, to help consumers determine if their information has been potentially impacted and to sign up for one year of complimentary credit file monitoring and identity theft protection. The website also provides additional information on steps consumers can take to protect their personal information. In addition to the website, Equifax sent direct mail notices to consumers whose credit card numbers or dispute documents with personal identifying information were impacted. You may also contact Equifax directly at 866.447.7559 with any questions.

Please note: AmeriCU will NEVER contact you by phone or email and ask you to verify your account details such as debit or credit card numbers, social security number, and/or passwords. If you receive such an email/text message/phone call, please contact us immediately and DO NOT provide any information to the sender.

Could AmeriCU have prevented this incident?

AmeriCU has no control over how other companies store your information. Every company has an obligation to make every attempt to protect sensitive consumer information by ensuring their systems are secure. At this time, we recommend that all members monitor their account activity frequently for suspicious transactions. If you have not done so already, please take advantage of our Online & Mobile Banking services which will allow you to check your account activity frequently and set up eAlerts and Fraud Alerts to receive text and/or email notification of activity on your account(s). If you notice any suspicious transactions or have any questions, please contact AmeriCU immediately at
800.388.2000.

How do I protect my credit reports?

If you’re concerned about someone gaining access to your credit report without your permission, you may consider placing a fraud alert or credit freeze on your report(s).  Even with a fraud alert or freeze, you should still actively monitor your accounts for fraudulent transactions.

Credit Report Fraud Alerts

When you have a fraud alert on your report, businesses must first verify your identity before issuing credit. The initial alerts last for 90 days and can be renewed. To place a fraud alert on your report, contact one of the nationwide credit reporting companies (the company you contact must share the alert information with the other companies) and ask for the company to put a fraud alert on your credit file. This service is free to consumers.

For more information, visit the Federal Trade Commission’s consumer information on Fraud Alerts.

Credit Freeze

A credit freeze restricts access to your credit report, making it more difficult for identity thieves to open new accounts in your name. A credit freeze does not prevent you from getting your free annual credit report, keep you from opening a new account, applying for a job, renting an apartment, or buying insurance. But if you’re doing any of these, you’ll need to lift the freeze temporarily, either for a specific time or for a specific party, say, a potential landlord or employer. The cost and lead times to lift a freeze vary, so it’s best to check with the credit reporting company in advance. A freeze also does not prevent a thief from making charges to your existing accounts. You still need to monitor all bank, credit card and insurance statements for fraudulent transactions.

To place a freeze on your credit report(s) contact each of the nationwide credit reporting companies (Equifax — 800.349.9960; Experian —
888.397.3742
; TransUnion — 800.352.9699; Innovis —888.909.8872 ). You’ll need to supply your name, address, date of birth, Social Security number and other personal information. Fees vary based on where you live, but commonly range from $5 to $10.

After receiving your freeze request, each credit reporting company will send you a confirmation letter containing a unique PIN (personal identification number) or password. Keep the PIN or password in a safe place. You will need it if you choose to lift the freeze.

To lift a freeze on your credit report(s)

In a few states, credit freezes expire after seven years. In the vast majority of states, a freeze remains in place until you ask the credit reporting company to temporarily lift it or remove it altogether. A credit reporting company must lift a freeze no later than three business days after getting your request. The cost to lift a freeze varies by state.

If you opt for a temporary lift because you are applying for credit or a job, and you can find out which credit reporting company the business will contact for your file, you can save some money by lifting the freeze only at that particular company.

  • New York State Department of Financial Services

    The New York State Department of Financial Services has many resources available for consumer protection available on its website.

  • NCUA

    AmeriCU is Federally Insured by the National Credit Union Association. In 1970, Congress created the NCUA to insure deposits at federally insured credit unions, protect credit union members, and charter and regulate federal credit unions.

    Backed by the full faith and credit of the United States, the NCUA Share Insurance Fund provides up to $250,000 of federal share insurance to AmeriCU account holders (and millions of other credit unions nationwide).

    The NCUA also provides resources for consumers, information about the agency, and regulatory resources on its website. Learn more about NCUA’s information for consumers.

  • Consumer Financial Protection Bureau (CFPB)

    The Consumer Federal Protection Bureau was created to provide a single point of accountability for enforcing federal consumer financial laws and protecting consumers in the financial marketplace. They work to protect consumers from unfair, deceptive, or abusive practices and take action against companies that break the law. The CFPB website is an excellent resource for consumers.

  • Federal Trade Commission

    The Federal Trade Commission (FTC) has a great webpage dedicated to the education of consumers on many different Imposter Scams. These scams are sometimes hard to detect as they prey on someone’s natural tendency to trust and in many cases, create a sense of urgency. The main categories of these scams are online dating, family emergency, government agency (IRS and Social Security Administration are typical) and caregiver. Although these seem drastically different, they have one common goal; to steal money from victims. For more information visit https://www.consumer.ftc.gov/features/feature-0037-imposter-scams

Since email has become a preferred method of communication for many members, we have partnered with Zix Corporation, the leader in email encryption services, to better protect your sensitive information in our email communication. This encryption service enables AmeriCU to take extra precautions to protect your personal information, such as social security number, driver’s license, credit card and account numbers, from fraud.

AmeriCU now encrypts emails using ZixCorp Secure Email Encryption Services. You are able to easily access these messages without downloading additional software.

To learn more about how to send and receive secure emails with AmeriCU, please review our Secure Email User Guide. If you have any questions, please visit your local Financial Center or call our Member Service Center at 800.388.2000. Find your financial center.