Yahoo! has confirmed at least two incidents where hackers stole personal information associated with more than a billion accounts. The hacks, which took place in 2013 and 2014, revealed names, e-mail addresses, phone numbers, birthdates, and, in some cases, security questions and answers, as stated in a recent Yahoo! press release. At this time, no financial account or payment information is believed to be included in the stolen data.
How to Stay Protected
Cybercriminals know that consumers often use the same passwords across Web sites and applications, which is why these millions of leaked password credentials are so useful for perpetuating fraud. Take these recommended steps to protect yourself:
1. Change your passwords and security questions and answers.
If you used your Yahoo! e-mail account credentials for other logins like your credit cards, online banking, or mortgage, consider changing your passwords and questions and answers used in the password reset process. While it may be a hassle to update your accounts, you'll be steps closer to thwarting fraudulent activity efforts. Plus, you can also use a password manager app to keep account information organized so you
don't have to.
To update your Credit Union password, log in to Online Banking, click on "My Settings" at the top of your screen, then "Update Password".
2. Review your accounts for suspicious activity.
As a best practice, continue monitoring your account activity regularly and contact us if you suspect any unauthorized transactions.
3. Check your credit.
Getting a credit report will let you know if any new accounts have been opened using your personal information. You can also consider putting a freeze on your report in the event fraudsters try to run your credit to open an account. This also might be a good time to sign up for a credit monitoring service. Such services keep an eye on your credit periodically, and can help protect against identity theft.
4. Be cautious when clicking.
When you receive an unsolicited communication, avoid clicking on links or downloading attachments as these could be phishing scams. When in doubt, go to the provider's Web site or contact them directly to confirm the request or information provided is legitimate.
Yahoo!® is a trademark of Yahoo! Inc.
U.S. criminals are using this year's presidential election as a way to scam potential voters. Fraudsters are finding a number of ways to abuse the election process.
One scam involves criminals exploiting potential voters by calling them asking for donations for a political party. Another form of political fraud involves criminals calling voters telling them they need to re-register to vote. In this scam, fraudsters are hoping to get Social Security numbers and other personal, identifiable information from the intended victims. Yet another scam involves fraudsters calling voters pretending to administer a political survey and offering financial incentives (such as cruise tickets) in exchange for survey participation. Once the survey is completed, the scammer then asks for a credit card to cover any taxes or additional fees associated with the prize.
Although election season may bring out the worst in some dishonest people, you can protect yourself from fraudsters looking to steal your money and/or identity by being on guard. Please call (888) 354-6228 if you suspect you've fallen victim this type of scam.
The National Credit Union Administration has received consumer calls about a suspicious text message claiming to come from the agency.
The message reads: "National Credit Union Administration Alert for (recipient's phone number). Contact 844-234-5445."
This is not a communication from NCUA. The agency does not seek personal information through the Internet or on the telephone. Rather, this is a text phishing scam and you should not contact the phone number provided. If you received this message and have provided any personal information, please contact us right away so we can take measures to protect your account.
We were recently notified that certain card information belonging to Orange County's Credit Union Members was compromised at Wendy's, a national restaurant chain. This happened because some Wendy's restaurants were the victim of malicious cyber activity targeting customers' payment card information. Wendy's recently reported additional malicious cyber activity involving some franchisee-operated restaurants. The company believes this criminal cyber-attack resulted from a service provider's remote access credentials being compromised, allowing access � and the ability to deploy malware � to some franchisees' POS systems.
What Action has Orange County's Credit Union Taken?We're proud to say that Orange County's Credit Union's fraud monitoring program has an extensive approach to detect and investigate suspicious activity. This has resulted in notification of compromised cards and reissuance before fraud had the chance to occur in most cases. Remember, with our Zero Liability protection policy, your card is completely protected and you're not liable for unauthorized charges. A best practice is to continue to review your account activity regularly and call us if you suspect any unauthorized use.
Where Can I Obtain Additional Information?We recommend that you review the list of potentially affected franchise restaurants to identify if you may have been affected by this incident. If you have any questions or would like more information, you may call Wendy's at (866) 779-0485, 8 am to 5:30 pm CST, Monday through Friday.
Additionally, California residents may also obtain information about preventing and avoiding identity theft from the California Attorney General's Office:
The latest in malware is preying on our sense of security when browsing Facebook. Deemed "Spy Banker", the malware is being used by cybercriminals to target Portuguese speakers in Brazil and the U.S.
With appealing links to deals, coupons, or help with tax returns, Spy Banker attempts to get Facebook users to click malicious links. These lead to a server hosted on Google Cloud. Once there, the Telex Trojan is installed on the user's computer and immediately gets to work stealing online banking login credentials. Some have even reported that the link was disguised as going to WhatsApp, a popular instant messaging application used by over 9 million people.Here are a few helpful reminders to avoid the pitfalls of malware:
If you think you might've clicked on one of these ads and your device might be infected, first make sure to call your financial institution to ensure there's no fraudulent activity on your account. Have your password reset and then access your account online from a non-infected device. Run antivirus software on your computer to clean up any threats prior to using it again to login to your accounts.
ATM fraud is on the rise, and you can help prevent it by being aware of a scheme called ATM skimming. Thieves attach electronic devices on or near ATMs in an attempt to capture your card number and/or personal identification number (PIN). With the card number and PIN, scammers can make purchases or withdrawals at other ATMs. To avoid the hassle of having your information compromised, you should be aware of what to look for:
Skimming Devices - These gadgets are often placed over or into the card slot. When an individual slides a card into a compromised card slot, the reader can scan and store the information from the card's magnetic strip. Be especially cautious if the ATM has an unusual-looking attachment, odd markings, scratches or tape residue. The same goes if anything on the front of the machine looks crooked, loose, or damaged, which may be a sign of tampering. Don't force your ATM card into the card slot, and make sure your card is returned when you've finished your transaction.
Keypad Overlays - These devices placed over the ATM's keypad can capture PINs as they're entered. Overlays may flatten or pull the surface of the keys out.
Tiny Cameras - A small video recording device or camera may have been installed on or near the ATM, such as near the speaker, near the overhead lighting, or on the sides of a recessed ATM.
Low-Tech Spying - Crooks may be lurking with binoculars to watch you enter your PIN, so shield the keypad with your body or hand. And watch out for anyone looking over your shoulder or offering to "help" you use the ATM.
What You Can Do:
Some Members with debit cards have received a text message from "CO-OP Mobile Alert" #996-29. The text message asks the Member to call (800) 928-0178. When calling this number, an automated voice asks for the following data to be input: last 4 digits of the card number, zip code, and a 4-digit ATM pin number.
Once the data is input, the voice states "Your card has been activated. You will be contacted in 24 hours by bank representative about details about your card and our new security system."
Remember, Orange County's Credit Union will never contact you by text message, e-mail, or phone to ask for your banking information. Never include personal or sensitive information in a text or e-mail message.
If you receive a text message like this one, ignore the message and delete it from your phone. You should not reply to the text or phone number listed. If you have provided your information, please contact a Member Service Representative immediately at (888) 354-6228 or stop by any branch so we can review your account for any irregularities.
A scam is doing the rounds purportedly sent by the American Electronic Toll-Collection Agency, E-ZPass. E-ZPass is available on toll roads, bridges, and tunnels.
The e-mail subject is "Notice to Appear." It states "You have a debt to pay for using a toll road, and you are kindly asked to service your debt in the shortest time possible. You can find the invoice in the attachment." When the attachment is opened, the user's computer is infected with malware.
Beware of such messages and never open attachments from unknown senders. If you believe you may have been a victim of this scam, please have your computer scanned so that any malicious software can be removed. Then change your passwords for the sites that you use online. You may also file a complaint with the Federal Trade Commission.
Fraud scheme designed to steal via wire transfers.
A recent phishing attack has made use of ZIP file attachments to infect computers with malware called Upatre or Dyre. This scheme works by sending an e-mail with an attachment usually labeled "invoice" or "fax" or "scan." Once opened, what appears to be a PDF within the ZIP file turns out to actually be an executable file that establishes a connection between the computer and the thieves' command center. The malware then lies dormant until the user navigates to a targeted online banking Web site. When the user logs into a targeted website, the malware instantly sends the login credentials to the thieves. After login credentials are entered, the malware displays a fake page that contains an error notice instructing the user to call a phone number controlled by cyber thieves. Then the user calls the phone number and speaks to someone posing as a financial institution employee. The caller is prompted to provide confidential information that is later used to initiate fraudulent wire transfers.
Don't get caught off guard. If you see an e-mail from an unknown sender, don't open it. Never open attachments from a company unless it's something you were specifically expecting to receive. Remember, Orange County's Credit Union would never ask you for your Online Banking password by phone.
The National Credit Union Administration (NCUA), has received reports of an online phishing scam that uses a Web site with a logo and design that is similar to the agency's own site. This is an attempt to convince Members to provide information or to send money. The e-mail directs the reader to a fraudulent Web site that's not affiliated with the NCUA.
If you receive an e-mail from this source, delete it immediately and do not click on any links. Remember, Orange County's Credit Union would never request any personal information from you by e-mail. To make sure you are dealing with a legitimate source, always initiate the contact by e-mailing the company on their official Web site or calling them directly using the phone number on your billing statement.
If you received one of these e-mails and provided your information, please contact a Member Service Representative at (888) 354-6228 or stop by any branch.
With the recent reports of data breaches at retailers such as Target, P.F. Chang's, and Home Depot, we want to assure you that we're actively monitoring accounts for suspicious or fraudulent activity.
We use a variety of technologies and techniques to protect you from fraud including a sophisticated card monitoring system and a Zero Liability Policy - you're generally not responsible for the unauthorized charges. We also take many approaches when we receive notifications about compromised debit and credit cards including, if necessary, blocking and re-issuing.
A data breach is when confidential information has potentially been viewed, stolen, or used by an unauthorized individual. Data breaches may involve personal and financial information including debit or credit card numbers. The breaches usually occur at retailers and their Web sites not at banks or credit unions.
Computer hackers get unauthorized access to payment systems and steal the data. Their goal is to sell the information and create counterfeit cards to make unauthorized purchases. Typically, the data breach is identified when a financial institution notices suspicious activity and reports this information to the networks such as Visa and Mastercard.
If you answer the phone and hear a recorded message instead of a live person, it's a robocall. Orange County's Credit Union will not ask for personal or account information via automated system or phone call.
To protect yourself from imposters who call,
Scammers, hackers, and identity thieves are looking to steal your personal information - and your money. But there are steps you can take to protect yourself, like keeping your computer software up-to-date and giving out your personal information only when you have a good reason.
You will need Adobe Flash Player to view these videos, if you'd like to download it click here.
If you believe your account has been compromised, take the following steps:
If you cannot access your account because a password has been changed, contact us as soon as possible.
Are you an identity theft victim?
If you believe you are a victim of identity theft, take the following actions immediately:
Avoid, detect, and eliminate malware from your computer with these handy tips:
Malware© 2015, excerpted, Federal Trade Commission. Information subject to change without notice. All other rights reserved. Click here to view original article.