Security Alerts

7/22/10 - Email Claiming to be from NACHA

NACHA – The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent e-mail that has the appearance of having been sent from NACHA (see sample below).

The subject line of the e-mail states: “Unauthorized ACH Transaction.” The e-mail includes a link that redirects the individual to a fake web page and contains a link which is almost certainly an executable virus with malware. Do not click on the link. Both the e-mail and the related website are fraudulent. Be aware that phishing e-mails frequently have links to Web pages that host malicious code and software. Do not follow Web links in unsolicited e-mails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.

NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.

If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. Always use anti-virus software and ensure that the virus signatures are automatically updated. Ensure that the computer operating systems and common software applications security patches are installed and current.

Dear bank account holder,

The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below:

Unauthorized ACH Transaction Report (DO NOT CLICK ON LINKS IN ANY SUSPICIOUS EMAIL!)
Copyright ©2009 by NACHA - The Electronic Payments Association
Back to Top

5/7/10 - Email Claiming to be from the FDIC
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC.

The subject line of the e-mails state: “Just for your time.” The e-mail tells recipients that, “The Federal Deposit Insurance Corporation Online department kindly asks you to take part in our quick and easy 5 questions survey.” It attempts to entice recipients to take the “survey” by telling them “In return we will credit $50.00 to your account – Just for your time!” The e-mail then directs recipients to click on a link to take the survey (a fraudulent link is provided).

This e-mail and associated Web site are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, or to load malicious software onto end users’ computers.

The FDIC does not issue unsolicited e-mails to consumers. Financial institutions and consumers should NOT follow the link in the fraudulent e-mail.

The e-mails and text messages ask that the customer call a number in order to have their account reactivated. Some may request that you leave callback information or provide your financial information directly. All of these messages are fraudulent. Please do not respond to these messages. The Credit Union National Association is the trade association for credit unions in the US. CUNA does not maintain any type of customer/member financial information.

In addition, PrimeSource would never solicit your personal identification information via email or telephone. If you responded to such a solicitation, you should call us right away at 509-838-6157 or 800-660-0444.
Back to Top

11/1/07 - Holiday Shopping Online Security

Does the thought of making your way through crowded malls and shopping at 20 different stores only to wait in long check-out lines have you feeling like the Grinch? Shopping online during the holiday season can save time and minimize stress, but know a few simple rules before you dive into the world of online purchasing.

1. Only buy from familiar companies. Confirm the seller’s contact information in case you have questions or problems in the future. Know exactly what you’re buying. Carefully read the product description. Remember--if it seems too good to be true, it probably is.

2. Protect your privacy. Read and understand the company’s online privacy policy and keep any personal information, passwords, or PINs (personal identification numbers) private. Look for these signals indicating that you have entered a secure Web page:

3. Pay safely. After you review all terms of the sale, such as cost for shipping, delivery date, and return policy, you are ready to buy. Credit or charge card payments offer consumers the most protection--do not send cash, check, money order, or cashier’s check. Finally, print all transaction records and any other useful information pertaining to your purchase. Although online shopping allows you to virtually load your sleigh with just a few mouse clicks, practice safe browsing this holiday season.

Source: Federal Citizen Information Center
Copyright 2004 Credit Union National Association Inc. Information subject to change without notice. For use with members of a single credit union. All other rights reserved.
Back to Top

11/1/07 - Latest Scam: California Fire Donations

Websense, Inc. announced that its security research team has discovered suspicious online scams designed by criminals to steal money from those donating to the California fire effort.

"Unfortunately, as we saw with Katrina and several other recent emergencies, there are criminals who attempt to divert monies intended for the victims by creating bogus online donation Web sites and advertising them on high-traffic Web sites," said Dan Hubbard, vice president of security research, Websense. "These criminals are trying to take advantage of the amazing outpouring of support locally, state-wide and internationally.

7/27/07 - Jury Duty Scam
PrimeSource Credit Union has been advised of a new identity theft operation known as the "Jury Duty Scam." This scam involves a fraudster who poses as a local official and contact victims over the phone. The fraudster informs the victim that they have failed to report for jury duty and a warrant has been issued for their arrest. The fraudster will then ask for personal information such as bank account information, social security number, date of birth, etc. to pay the alleged fines. Please be advised that you should never provide any personal information over the phone. Legitimate businesses or government agencies would not ask for this kind of information over the phone.
Back to Top

4/20/07 - Financial Service Centers Cooperative, Inc
PrimeSource Credit Union has been notified of a fraudulent email circulating to the general public requesting personal member information by visiting a specific website and taking part in a survey for $50.00. It contains the CU Swirl Logo and the CUSC Network; providing much of the "look and feel" of the organizations. This is not a valid request for information from CUSC or CU Service Centers. Members should never send sensitive information such as passwords, credit card numbers, social security numbers, secret words, or PINs in an email or submit it through a website. In addition, members should never click directly on links in an email that requests sensitive information, even if they recognize and trust the address. These links can redirect you to a fake -- though very real looking -- website.
Back to Top

1/29/07 - Visa Phishing Scam
PrimeSource Credit Union has been notified of a fraudulent email that was recently distributed to cardholders who participate in Verified by Visa, an online card protection service. The email claimed to have come from Visa and stated that the cardholder was automatically enrolled in Verified by Visa. It also stated that the cardholder's Visa card may be temporarily disabled if they failed to update their Visa card. This email was a phishing scam and did not come from Visa. Visa will never ask cardholder to divulge information or passwords via email. Should you receive any questionable e-mails, please do not reply to them and do not contact the website referenced in the email. You may report the email to Visa by sending an email to phishing@visa.com.
Back to Top

1/19/07 - TJ Max Credit Card Security Breach
TJX Companies, owner of TJ Maxx, Marshalls, HomeSense, Winners, HomeGoods, AJ Wright, TK Maxx, and Bob's Stores reported a breach in credit card security. The company suffered an unauthorized intrusion into their computer systems that process and store information related to customer transactions, including debit card, check and merchandise return information. TJX businesses in the U.S., Canada, the United Kingdom, and Ireland were affected. To learn more, visit www.tjmaxx.com.
Back to Top

9/18/06 - Card Services Scam
Card Services For Credit Unions (CSCU) services all PrimeSource debit and credit cards. It has come to our attention that bogus e-mails have been sent out mimicking CSCU and asking members to take a look at a survey. When members click on the link in the e-mail it takes the member to a site that looks like the CSCU website and asks for personal account information, as well as plastic card information. Be assured that CSCU does not communicate with cardholders directly. Disregard any e-mails asking for personal identifying information. Please be aware.
Back to Top

9/04/06 - Vishing Scams
Vishing is once again targeting Credit Union members across the nation, but with a new twist. Vishing is a term used to describe stealing information by using a combination of the phone and e-mail, or "voice phishing". Currently, there are two methods that scammers are using; the online version and cold calling. In the online version the scammer sends a blast e-mail disguised to appear as though its from your credit union, bank, online payment service or other well-known business with a logo that appears to be legitimate. The e-mail usually reports a "security" issue with the recipients account and alerts the member to call a telephone number to "straighten things out." When the member calls the phone number they are then prompted to reveal their account number along with other private information. With the cold calling version, scammers will use automated dialing services to cold call members by using a prerecorded message or live person stating that the members account has been compromised, and their information needs to be updated or verified. The member is then prompted to verify their account, card or personal information. This scam is even more insidious because, often, the members caller ID device may list what appears to be a legitimate local phone number used to inspire trust from the recipient.

In some ways, vishing can be more dangerous than phishing scams because consumers are used to entering private information into automated phone systems. So, its easy to imagine that a lot of people may wind up victims of identity theft and suffer financial losses from these types of scams.

Steps that you can take to reduce you chance of being victimized:
Do not call a number provided in a phone call or an e-mail. Call the number on the back of your credit card or on a bank statement, or confirm their officially listed phone number on their website. Please hang up and call the phone number on the back of the card or on the account statement if you get anyone calling and stating that they are with a financial institution requesting your card number, and personal or account information. If the call was legitimate, the financial institution or card processor will have knowledge of it. And remember, PrimeSource will never request you to update your account or personal information over the telephone. If you have been victimized, contact PrimeSource Credit Union immediately at 1-800-660-0444 or 509-838-6157.
Back to Top

9/6/06 - Vishing Scams
Just as Internet surfers have gotten wise to the fine art of phishing, along comes a new scam utilizing a new technology. Creative thieves are now switching their efforts to "vishing," which uses phones instead of a misdirected Web link to steal user information. It's fairly simple to get a phone number anonymously. That makes it easier for scammers to carry out these vishing scams.

The criminal element has shifted from asking people to click on links to placing a phone call instead. Only the number isn't to a bank or credit card, it's to a phone that can recognize telephone keystrokes. The thieves don't even use an e-mail blast, they use computers to randomly call numbers and blanket an area. A recorded message tells the person receiving the call that their credit card has been breached and to "call the following (regional) phone number immediately." When the user calls the number, another message is played stating "this is (Institution Name) account verification, please enter your 16 digit account number." The rest is academic.

In some ways, vishing may be even more dangerous than phishing scams, because consumers are used to entering private information into automated phone systems. So, it's easy to imagine that a LOT of people are going to wind up victims of identity theft and suffer financial losses from these vishing scams.
Back to Top

8/10/06 - PrimeSource Phone Scam
Beware of anyone calling your home and asking for your account number. Be assured, we will NEVER call you and ask you for your account number. If you call us we may ask you questions to identify you, but we do not initiate calls requiring you to give us any of your private information. If you receive such a call, please notify us immediately at 509-838-6157 or 800-660-0444.
Back to Top