Security & Privacy

SECURITY BREACH: YAHOO!® ACCOUNTS

Yahoo! has confirmed at least two incidents where hackers stole personal information associated with more than a billion accounts. The hacks, which took place in 2013 and 2014, revealed names, e-mail addresses, phone numbers, birthdates, and, in some cases, security questions and answers, as stated in a recent Yahoo! press release. At this time, no financial account or payment information is believed to be included in the stolen data.


How to Stay Protected
Cybercriminals know that consumers often use the same passwords across Web sites and applications, which is why these millions of leaked password credentials are so useful for perpetrating fraud. Take these recommended steps to protect yourself:


1. Change your passwords and security questions and answers.
If you used your Yahoo! e-mail account credentials for other logins like your credit cards, online banking, or mortgage, consider changing your passwords and the questions and answers used in the password reset process. While it may be a hassle to update your accounts, you'll be steps closer to thwarting fraudulent activity. Plus, you can also use a password manager app to keep account information organized so you don't have to.

To update your Credit Union password, log in to Online Banking, click on "My Settings" at the top of your screen, then "Update Password".


2. Review your accounts for suspicious activity.
As a best practice, continue monitoring your account activity regularly and contact us if you suspect any unauthorized transactions.


3. Check your credit.
Getting a credit report will let you know if any new accounts have been opened using your personal information. You can also consider putting a freeze on your report in the event fraudsters try to run your credit to open an account. This also might be a good time to sign up for a credit monitoring service. Such services keep an eye on your credit periodically, and can help protect against identity theft.


4. Be cautious when clicking.
When you receive an unsolicited communication, avoid clicking on links or downloading attachments as these could be phishing scams. When in doubt, go to the provider's Web site or contact them directly to confirm the request or information provided is legitimate.


Yahoo!® is a trademark of Yahoo! Inc.



DIRTY POLITICS: BEWARE ELECTION FRAUD

U.S. criminals are using this year's presidential election as a way to scam potential voters. Fraudsters are finding a number of ways to abuse the election process.


One scam involves criminals exploiting potential voters by calling them asking for donations for a political party. Another form of political fraud involves criminals calling voters telling them they need to re-register to vote. In this scam, fraudsters are hoping to get Social Security numbers and other personal, identifiable information from the intended victims. Yet another scam involves fraudsters calling voters pretending to administer a political survey and offering financial incentives (such as cruise tickets) in exchange for survey participation. Once the survey is completed, the scammer then asks for a credit card to cover any taxes or additional fees associated with the prize.


  • Never donate to a political party after having received a phone call asking for donations. Instead, make your donation by directly contacting the political party or using your candidate's Web site.
  • Voter registration can't be completed by phone. If you receive such a call, contact your Elections Committee immediately.
  • Never give out your credit card information over the phone.

Although election season may bring out the worst in some dishonest people, you can protect yourself from fraudsters looking to steal your money and/or identity by being on guard. Please call (888) 354-6228 if you suspect you've fallen victim to this type of scam.


BEWARE OF NCUA TEXT PHISHING SCAM

The National Credit Union Administration has received consumer calls about a suspicious text message claiming to come from the agency.

The message reads: "National Credit Union Administration Alert for (recipient's phone number). Contact 844-234-5445."

This is not a communication from NCUA. The agency does not seek personal information through the Internet or on the telephone. Rather, this is a text phishing scam and you should not contact the phone number provided. If you received this message and have provided any personal information, please contact us right away so we can take measures to protect your account.


WENDY'S SECURITY BREACH

We were recently notified that certain card information belonging to Orange County's Credit Union Members was compromised at Wendy's, a national restaurant chain. This happened because some Wendy's restaurants were the victim of malicious cyber activity targeting customers' payment card information. Wendy's recently reported additional malicious cyber activity involving some franchisee-operated restaurants. The company believes this criminal cyber-attack resulted from a service provider's remote access credentials being compromised, allowing access - and the ability to deploy malware - to some franchisees' POS systems.


What Action has Orange County's Credit Union Taken?
We're proud to say that Orange County's Credit Union's fraud monitoring program has an extensive approach to detect and investigate suspicious activity. This has resulted in notification of compromised cards and reissuance before fraud had the chance to occur in most cases. Remember, with our Zero Liability protection policy, your card is completely protected and you're not liable for unauthorized charges. A best practice is to continue to review your account activity regularly and call us if you suspect any unauthorized use.


Where Can I Obtain Additional Information?
We recommend that you review the list of potentially affected franchise restaurants to identify if you may have been affected by this incident. If you have any questions or would like more information, you may call Wendy's at (866) 779-0485, 8 am to 5:30 pm CST, Monday through Friday.


Additionally, California residents may also obtain information about preventing and avoiding identity theft from the California Attorney General's Office:


California Attorney General's Office
California Department of Justice
Attn: Office of Privacy Protection
P.O. Box 944255
Sacramento, CA 94244-2550
(800) 952-5225


PORTUGUESE SPEAKERS: BEWARE OF TELEX TROJAN

The latest in malware is preying on our sense of security when browsing Facebook. Dubbed "Spy Banker", the malware is being used by cybercriminals to target Portuguese speakers in Brazil and the U.S.

With appealing links to deals, coupons, or help with tax returns, Spy Banker attempts to get Facebook users to click malicious links. These lead to a server hosted on Google Cloud. Once there, the Telex Trojan is installed on the user's computer and immediately gets to work stealing online banking login credentials. Some have even reported that the link was disguised as going to WhatsApp, a popular instant messaging application used by over 9 million people.

Here are a few helpful reminders to avoid the pitfalls of malware:
  • Avoid clicking links from unknown and unexpected sources.
  • Before clicking, verify the link by hovering your mouse pointer over it. If it's a shortened URL, don't click. Instead visit the company's page directly.
  • When clicking on ads, remember if it sounds too good to be true it probably is.
  • Ad blocking software can prevent a lot of these malicious links from being served up.
  • Make sure your device has anti-malware software installed.

If you think you might've clicked on one of these ads and your device might be infected, first make sure to call your financial institution to ensure there's no fraudulent activity on your account. Have your password reset and then access your account online from a non-infected device. Run antivirus software on your computer to clean up any threats prior to using it again to log in to your accounts.



PROTECT YOURSELF FROM ATM SKIMMING DEVICES

ATM fraud is on the rise, and you can help prevent it by being aware of a scheme called ATM skimming. Thieves attach electronic devices on or near ATMs in an attempt to capture your card number and/or personal identification number (PIN). With the card number and PIN, scammers can make purchases or withdrawals at other ATMs. To avoid the hassle of having your information compromised, you should be aware of what to look for:

Skimming Devices - These gadgets are often placed over or into the card slot. When an individual slides a card into a compromised card slot, the reader can scan and store the information from the card's magnetic strip. Be especially cautious if the ATM has an unusual-looking attachment, odd markings, scratches or tape residue. The same goes if anything on the front of the machine looks crooked, loose, or damaged, which may be a sign of tampering. Don't force your ATM card into the card slot, and make sure your card is returned when you've finished your transaction.

Keypad Overlays - These devices placed over the ATM's keypad can capture PINs as they're entered. Overlays may flatten or pull the surface of the keys out.

Tiny Cameras - A small video recording device or camera may have been installed on or near the ATM, such as near the speaker, near the overhead lighting, or on the sides of a recessed ATM.

Low-Tech Spying - Crooks may be lurking with binoculars to watch you enter your PIN, so shield the keypad with your body or hand. And watch out for anyone looking over your shoulder or offering to "help" you use the ATM.

What You Can Do:

  • Before beginning your transaction, inspect the ATM for any signs of tampering. If something seems suspicious, particularly with the machine's keyboard or card slot, cancel your transaction and notify the owner of the ATM.
  • Shake the card reader to determine if it is loose or tampered with.
  • Stand directly in front of the ATM as you begin your transaction and shield the keyboard with your hand as you enter your PIN.
  • Be aware of your surroundings and watch for anyone standing too close.
  • If you suspect a device has been installed on an ATM, do not try to remove the device. Do not use the ATM and immediately report your suspicions to the owner and to Orange County's Credit Union.
  • Check your account regularly for any suspicious or unfamiliar purchases/withdrawals.
If you have any questions, please call (888) 354-6228.

TEXT MESSAGE (OR "SMISHING") FRAUD ALERT

Some Members with debit cards have received a text message from "CO-OP Mobile Alert" #996-29. The text message asks the Member to call (800) 928-0178. When calling this number, an automated voice asks for the following data to be input: last 4 digits of the card number, zip code, and a 4-digit ATM PIN.

Once the data is input, the voice states "Your card has been activated. You will be contacted in 24 hours by bank representative about details about your card and our new security system."

Remember, Orange County's Credit Union will never contact you by text message, e-mail, or phone to ask for your banking information. Never include personal or sensitive information in a text or e-mail message.

If you receive a text message like this one, ignore the message and delete it from your phone. You should not reply to the text or phone number listed. If you have provided your information, please contact a Member Service Representative immediately at (888) 354-6228 or stop by any branch so we can review your account for any irregularities.


NEW SCAM: TOLL-COLLECTION E-MAILS FROM E-ZPASS

A scam e-mail purportedly sent by the American electronic toll-collection agency, E-ZPass, is making the rounds. E-ZPass is available on toll roads, bridges, and tunnels.

The e-mail subject is "Notice to Appear." It states "You have a debt to pay for using a toll road, and you are kindly asked to service your debt in the shortest time possible. You can find the invoice in the attachment." When the attachment is opened, the user's computer is infected with malware.

Beware of such messages and never open attachments from unknown senders. If you believe you may have been a victim of this scam, please have your computer scanned so that any malicious software can be removed. Then change your passwords for the sites that you use online. You may also file a complaint with the Federal Trade Commission.

BEWARE OF UNKNOWN ATTACHMENTS - "INVOICE" or "FAX".

Fraud scheme designed to steal via wire transfers.

A recent phishing attack has made use of ZIP file attachments to infect computers with malware called Upatre or Dyre. This scheme works by sending an e-mail with an attachment usually labeled "invoice" or "fax" or "scan." Once opened, what appears to be a PDF within the ZIP file turns out to actually be an executable file that establishes a connection between the computer and the thieves' command center. The malware then lies dormant until the user navigates to a targeted online banking Web site. When the user logs into a targeted website, the malware instantly sends the login credentials to the thieves. After login credentials are entered, the malware displays a fake page that contains an error notice instructing the user to call a phone number controlled by cyber thieves. Then the user calls the phone number and speaks to someone posing as a financial institution employee. The caller is prompted to provide confidential information that is later used to initiate fraudulent wire transfers.

Don't get caught off guard. If you see an e-mail from an unknown sender, don't open it. Never open attachments from a company unless it's something you were specifically expecting to receive. Remember, Orange County's Credit Union would never ask you for your Online Banking password by phone.
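
As an added illustration (not part of the original notice), the following Python example shows how a mail filter or help desk could flag the disguise described above: a ZIP member that looks like a PDF but is really a Windows executable. The extension lists, file names, and sample archive are constructed for this example.

```python
import io
import zipfile

# Extensions Windows runs directly, and document types commonly used as
# a disguise. Both sets are illustrative choices for this example.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg"}


def inspect_zip(data):
    """Return {member name: [reasons]} for suspicious members of a ZIP."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            base = info.filename.rsplit("/", 1)[-1].lower()
            # "invoice.pdf      .exe" pads the name to hide the real extension,
            # so whitespace around each dot-separated part is stripped.
            parts = [p.strip() for p in base.split(".")]
            final_ext = parts[-1] if len(parts) > 1 else ""
            inner_ext = parts[-2] if len(parts) > 2 else ""
            if final_ext in EXECUTABLE_EXTS:
                reasons.append("executable extension")
                if inner_ext in DOCUMENT_EXTS:
                    reasons.append("document name with executable extension")
            if info.flag_bits & 0x1:
                # Encrypted members cannot be read without the password.
                reasons.append("encrypted, content not inspected")
            else:
                with zf.open(info) as fh:
                    head = fh.read(5)
                if head[:2] == b"MZ":
                    reasons.append("Windows executable header (MZ)")
                elif final_ext == "pdf" and head != b"%PDF-":
                    # Strict triage check: expects the PDF marker at offset 0.
                    reasons.append("named .pdf but content is not a PDF")
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip():
    """Constructed sample: harmless placeholder bytes, not real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_0412.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("fax.pdf", b"MZ" + b"\x00" * 62)
        zf.writestr("statement.pdf", b"%PDF-1.4\n%%EOF\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in inspect_zip(build_sample_zip()).items():
        print(name, "->", "; ".join(reasons))
```

A flagged member is a reason to quarantine the message for review, not proof of infection; a clean result does not mean the attachment is safe to open.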

PHISHING SCHEME ATTEMPTS TO IMPERSONATE NCUA

The National Credit Union Administration (NCUA) has received reports of an online phishing scam that uses a Web site with a logo and design that is similar to the agency's own site. This is an attempt to convince Members to provide information or to send money. The e-mail directs the reader to a fraudulent Web site that's not affiliated with the NCUA.

If you receive an e-mail from this source, delete it immediately and do not click on any links. Remember, Orange County's Credit Union would never request any personal information from you by e-mail. To make sure you are dealing with a legitimate source, always initiate the contact by e-mailing the company on their official Web site or calling them directly using the phone number on your billing statement.

If you received one of these e-mails and provided your information, please contact a Member Service Representative at (888) 354-6228 or stop by any branch.

RECENT DATA BREACHES

With the recent reports of data breaches at retailers such as Target, P.F. Chang's, and Home Depot, we want to assure you that we're actively monitoring accounts for suspicious or fraudulent activity.

We use a variety of technologies and techniques to protect you from fraud including a sophisticated card monitoring system and a Zero Liability Policy - you're generally not responsible for the unauthorized charges. We also take many approaches when we receive notifications about compromised debit and credit cards including, if necessary, blocking and re-issuing.


What is a data breach?

A data breach is when confidential information has potentially been viewed, stolen, or used by an unauthorized individual. Data breaches may involve personal and financial information including debit or credit card numbers. The breaches usually occur at retailers and their Web sites, not at banks or credit unions.


How does it happen?

Computer hackers get unauthorized access to payment systems and steal the data. Their goal is to sell the information and create counterfeit cards to make unauthorized purchases. Typically, the data breach is identified when a financial institution notices suspicious activity and reports this information to the networks such as Visa and Mastercard.


What can you do?
  • It's important to regularly monitor your accounts. This is one of the best ways to notice and stop fraudulent activity quickly.
  • If you see unauthorized or suspicious transactions, please contact us promptly at (888) 354-6228.
  • Enroll in Online and Mobile Banking, so you can monitor your accounts at any time and as frequently as you like. Plus, you can sign up for Account Alerts including notifications about debit card transactions.
  • Regularly check your credit report to protect yourself from fraud or inaccurate reporting. You can request your free credit report from annualcreditreport.com.
  • Report lost or stolen cards immediately. Please call (888) 354-6228. If you use Mobile Banking, you can deactivate lost or stolen cards. (This option can be found by clicking on the "Services" icon.) You can stop by any branch for an instant re-issue of your debit card.

PRE-RECORDED PHONE SCAMS

If you answer the phone and hear a recorded message instead of a live person, it's a robocall. Orange County's Credit Union will not ask for personal or account information via automated system or phone call.

To protect yourself from imposters who call:

  • Do NOT provide any information.
  • Hang up the phone. Don't press 1 to speak to a live operator or any other key to take your number off the list. This may lead to more calls.
  • If possible, please write down the name of the company calling and the company's telephone number.
  • Please notify the Credit Union as soon as possible.
The security and privacy of your financial information are extremely important to us. If you have any questions, please contact a Member Service Representative at (888) 354-6228 or stop by any branch.

Scammers, hackers, and identity thieves are looking to steal your personal information - and your money. But there are steps you can take to protect yourself, like keeping your computer software up-to-date and giving out your personal information only when you have a good reason.


Simple Tip: 5 Ways to Protect Your Identity


If you believe your account has been compromised, take the following steps:


  • It is crucial to run a security scan on all computers you use to access Online Banking. Please do not change your Online Banking password until you have completed a full system scan to remove any malware.
  • Change passwords to all accounts that have been compromised and other key accounts ASAP. Remember, passwords should be long and strong and use a mix of upper and lowercase letters, and numbers and symbols. You should have a unique password for each account.

If you cannot access your account because a password has been changed, contact us as soon as possible.


Are you an identity theft victim?

If you believe you are a victim of identity theft, take the following actions immediately:

  • Place a Fraud Alert on your credit report. Creditors will then have to follow certain procedures before opening an account. Here is the list of credit bureaus and their contact information:
    • Equifax: 1.800.525.6285
    • Experian: 1.888.EXPERIAN (397.3742)
    • TransUnion: 1.800.680.7289
  • Contact each company where there is an impacted account.
  • Contact Orange County's Credit Union at (888) 354-6228.
  • File a police report with your local police or the police in the community where the identity theft took place.
  • File a complaint with the Federal Trade Commission or call 1.877.ID.THEFT.

Avoid, detect, and eliminate malware from your computer with these handy tips:


    AVOID
  • Install and update security software, and use a firewall. Set your security software, internet browser, and operating system (like Windows or Mac OS X) to update automatically.
  • Pay attention to your browser's security warnings. Many browsers come with built-in security scanners that warn you before you visit an infected webpage or download a malicious file.
  • Instead of clicking on a link in an email, type the URL of a trusted site directly into your browser. Criminals send emails that appear to be from companies you know and trust. The links may look legitimate, but clicking on them could download malware or send you to a scam site.
  • Don't open attachments in emails unless you know who sent them and what they are. Opening the wrong attachment – even if it seems to be from friends or family – can install malware on your computer.
    DETECT
  • Monitor your computer for unusual behavior. Your computer may be infected with malware if it:
    • slows down, crashes, or displays repeated error messages
    • won't shut down or restart
    • serves a barrage of pop-ups
    • displays web pages you didn't intend to visit, or sends emails you didn't write
    • shows new and unexpected toolbars or icons in your browser or on your desktop
    • has a laptop battery that drains more quickly than it should
    ELIMINATE
  • Stop shopping, banking, and doing other online activities that involve user names, passwords, or other sensitive information.
  • Update your security software, and then scan your computer for viruses and spyware. Delete anything it identifies as a problem.
  • If your computer is covered by a warranty that offers free tech support, contact the manufacturer.

Malware © 2015, excerpted, Federal Trade Commission. Information subject to change without notice. All other rights reserved.