E-Mail about Insurance - 3/19/15
Members may have received a spam email with the subject line: To frineds of UNIVERSITY CREDIT UNION from Charity:-Savings, upto 72% on your-Life Ins. Compare yours instantly
Please be assured that this is spam and did not come from University Credit Union nor did University Credit Union share information with this vendor. If you received this email, do not click any links or provide any information. Click here to view our Online Safety Guide.
UCU has partnerships with MetLife and Trustage to offer members discounts on insurance programs. Click here to learn more about the great options that are available to members!
NCUA warns of scammers using similar website logo, design - 3/18/15
Scammers using a website with a logo and design similar to that of the National Credit Union Administration are attempting to convince consumers to provide sensitive information or send money. According to the NCUA, consumers have received emails from the National Credit Union website, which is not affiliated in any way with the NCUA, a federal agency, and the emails are not from the agency.
The site apparently originates in Australia, the NCUA said in its warning, and claims to offer services in the United States, Europe and the Commonwealth of Independent States. The emails attempt to persuade individuals to provide personal information, such as Social Security numbers, account numbers and login information, or transfer large amounts of money.
The NCUA warns that consumers should not should neither provide information to this website nor attempt to conduct any financial transactions through it. The NCUA would not request personal or financial information in this manner.
Consumers receiving such emails should call NCUA's Fraud Hotline and should also contact the Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center. The NCUA also offers information about avoiding frauds and scams.
Consumers who suspect they may have become victims of identity theft should immediately contact their financial institutions and, if necessary, close existing accounts and open new ones.
NCUA urges consumers also contact the three major credit bureaus--Equifax (800-525-6285), Experian (888-397-3742) and TransUnion (800-680-7289)--to request a fraud alert be placed on their credit reports.
Anthem Breach - 02/05/15
On February 4, 2015, Anthem announced that they have been the target of a sophisticated cyber attack. They have indicated there is no evidence that credit card or medical information was targeted or compromised. At this time, Anthem is working to determine the specifics of the breach including what members are impacted. Anthem will notify all impacted Anthem members through written communication.
For more information, visit Anthem’s FAQ page: http://www.anthemfacts.com/faq
University Employee Payroll Scam - 01/13/15
The FBI has released an alert that University employees across the US may be receiving fraudulent emails indicating a change in their human resource status. The email provides a link and asks the employee to log in to a website that looks much like the legitimate site. The scammers then capture credentials, log in to the official HR site and redirect the employee paycheck to the bank account of the scammer. The FBI provided the following tips on how to protect yourself from this scam:
Look for poor use of the English language in e-mails such as incorrect grammar, capitalization, and tenses. Many of the scammers who send these messages are not native English speakers.
Roll your cursor over the links received via e-mail and look for inconsistencies. If it is not the website the e-mail claims to be directing you to then the link is to a fraudulent site.
Never provide credentials of any sort via e-mail. This includes after clicking on links sent via e-mail. Always go to an official website rather than from a link sent to you via e-mail.
Contact your personnel department if you receive suspicious e-mail.
Click here to view the FBI announcement.
If you have any questions, please don't hesitate to contact University Credit Union at 800.696.8628.
Apple iOS - 11/14/14
A vulnerability in the Apple iOS software has been uncovered that allows an attacker to substitute malware for a legitimate iOS app under a limited set of circumstances. Please be sure to follow the following guidelines:
a. Don’t install apps from third-party sources other than Apple’s official App Store.
b. Don’t click “Install” on a pop-up from a third-party web page, no matter what the pop-up says about the app. The pop-up can show attractive app titles crafted by the attacker.
c. When opening an app, if iOS shows an alert with “Untrusted App Developer”, click on “Don’t Trust” and uninstall the app immediately.
Home Depot Update - 11/10/14
On November 6, 2014, Home Depot issued an email to their customers warning of a possible phishing/smishing scam that may have occurred simultaneously to the recent payment card breach of their stores.
Some Home Depot customer email addresses are reporting to have been acquired during the incident; however, Home Depot has stated that they do not believe that email passwords, payment card information or other sensitive information was compromised. It is important to be aware of the possible email breach and that these emails may be used in an attempt to solicit sensitive information from customers. Never provide sensitive information via email and be aware that phone and other email scams often mimick the look of official sources. If you are ever unsure about a phone call you receive, hang up and call the official phone number.
Home Depot customers with concerns or that would like more information regarding the alleged email breach are being asked to visit the Home Depot web site or call 1-800-HOMEDEPOT.
POODLE - 10/17/14
A vulnerability has been reported by the Department of Homeland Security indicating that all systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable [POODLE]. Because of this, we have disabled the SSLv3 protocol on our systems. Those using Internet Explorer version 6 will need to update your browser to a newer version of Internet Explorer. We continuously monitor our network and systems, and use platforms that have state-of-the-art encryption and security standards. As always, we recommend changing your passwords regularly and maintain a heightened awareness of sites and links you visit while using the internet. We will provide any further updates on this page.
Department of Homeland Security Announcement: https://www.us-cert.gov/ncas/alerts/TA14-290A
Shellshock Bash - 09/26/14
A vulnerability has been reported by the Department of Homeland Security in which a flaw may make networks and systems vulnerable to digital attacks. Security is of the utmost importance to UCU and we take these announcements seriously. We continuously monitor our network and systems, and use platforms that have state-of-the-art encryption and security standards. As always, we recommend changing your passwords regularly and maintain a heightened awareness of sites and links you visit while using the internet. We will provide any further updates on this page.
Department of Homeland Security Announcement: https://www.us-cert.gov/ncas/alerts/TA14-268A
09/29/14- Apple releases update for OS X: http://support.apple.com/kb/DL1769
Home Depot Card Breach Update 09/19/14
On September 8th, Home Depot confirmed that their payment data systems were breached and that it could impact customers who used a debit or credit card at one or more of their U.S. and Canadian stores from April through September 2014. While news sources have indicated that this is the second largest breach in U.S. history, please be assured that University Credit Union has sophisticated fraud-monitoring mechanisms in place to detect fraud and to keep your card and your information safe. In addition to tools, we have a team of employees who work diligently to catch fraudulent transactions and ATM activity and stop it before it processes. University Credit Union takes the security of your accounts and information seriously, and that you can feel safe shopping with your UCU credit and debit cards. As a reminder as well, you are not liable for any fraudulent activity associated with your account.1
What about using my card?
You should remain confident when using your UCU credit and/or debit cards. We are currently assessing potentially impacted cards and will notify you if we have any concern with your account.
Is there anything I can do?
We highly recommend reviewing your transactions online, on our app or on your statements. If you see anything that you believe to be unusual or fraudulent, please contact us immediately at 800.696.8628. You can also sign up for text² or email alerts by logging on to Personal Finance Manager to notify you of certain transactions and online access.
As always, we appreciate your membership and please rest assured that your financial accounts are in good hands with University Credit Union.
Home Depot & Shaw's Data Breaches 09/09/14
In light of the recent increase in potential and confirmed data breaches at various retailers including Shaws and Home Depot, please be assured that UCU’s top priority is, and always has been, the security of our members’ information and accounts. We are working diligently to evaluate the possible exposure and risk to our cardholders.
University Credit Union has a robust system in place to monitor debit and credit card transactions 24/7 to detect unusual activity. While investigations are ongoing, we have increased our fraud monitoring software parameters as a precaution. We are closely monitoring the situation and are awaiting additional information on the potential risks for our cardholders. Additional updates will be available on this page when they become available.
As always, we strongly encourage our members to regularly monitor their accounts and report any suspicious activity to us immediately. In order to further safeguard your account, we invite you take advantage of our online and mobile banking services, including text or email notifications of your account activity. These services are available 24 hours per day.
If you have any questions or concerns regarding your account, please contact UCU at 800-696-8628 or visit a convenient UCU branch location.
For additional information on the Home Depot breach, click here.
For additional information on the Shaws and Star Markets breach, click here.
Large-Scale Hack Uncovered 08/05/14
A security firm has discovered a large-scale hacking and indicated that upwards of 1.2 billion usernames and passwords have been compromised. UCU is not affected by this. However, if you use the same username and password on multiple sites and one of those sites has been affected, it is highly recommended that you change your passwords on all sites where you use those credentials. If you have any questions, please don't hesitate to contact us at 800.696.8628.
Phishing Attempt 06/03/2014
IMPORTANT NOTICE: If you receive an email asking you to update your details, DO NOT RESPOND.
We have received word that people may have received an email that looks like it came from University Credit Union requesting an update to their information. THIS DID NOT COME FROM UNIVERSITY CREDIT UNION. This is a phishing attempt from someone trying to appear as the Credit Union. Do not respond, do not click links and delete the message. If you responded with sensitive information, or if you have any questions, please contact us immediately at 800.696.8628.
Below is an example of the phishing email:
Subject Line: University Credit Union Secure Message
Dear Credit Union Holder,
As part of our security measures to always protect you
due to large increase in fraudulent acts on the internet
we upgrade out system from time to time.
Kindly update your details below
Update, [the word 'update' is a link – if you received this email, DO NOT CLICK THIS LINK]
Thanks for giving us few minutes of your time to protect you better
University Credit Union Security Team
Please know that UCU will never request sensitive information via email.
Internet Explorer 04/30/14
Microsoft recently announced that a security flaw in the Internet Explorer (IE) browser may put users at risk. The vulnerability exists in versions 6 through 11 of Internet Explorer. Microsoft has fixed the security glitch in their most recent update. If you have automatic updates enabled, it will update automatically. If you do not, we encourage you to apply the update manually as quickly as possible. If you are using Windows XP, we recommend using a different browser.
Other browser options:
For more information about the flaw, please visit the Department of Homeland Security notice.
You may have heard a lot of talk recently about a web bug called Heartbleed. Heartbleed is a security vulnerability in OpenSSL, a popular, open-source protocol used to encrypt portions of the web. It's used to protect some usernames, passwords, and sensitive information set on secure websites. UCU’s website does not use OpenSSL where the vulnerability may exist, but uses a custom implementation of TLS/SSL. This means that UCU’s website in unaffected by the Heartbleed bug. Heartbleed is not a design flaw in SSL/TLS protocol, but implementation problem, i.e. programming mistake in popular OpenSSL library that provides cryptographic services such as SSL/TLS to the applications and services.
If you have used login credentials on a site that has the vulnerability, that password may have been compromised by the security bug, and you'll want to change it once the bug is fixed. Because each system administrator has to manually fix the problem, which takes time, there's really nothing you can do until the compromised sites are up and running with an updated version of OpenSSL, and a new security certificate in place — a "reset" of the encryption used to protect current and archived information on the server going forward. For more technical and specific information on Heartbleed, the details can be found at http://heartbleed.com/. If you are unsure if a site you are using may contain the vulnerability, the following site can run a test: http://filippo.io/Heartbleed.
As always, it’s always a good idea to change your passwords periodically and to use different usernames and passwords for different sites. If you have any questions, please don't hesitate to contact us at 800.696.8628.