Sub-menu

UECU.org | Protecting Yourself Online

Identity Theft Alert - Phishing
Phishing is the use of fraudulent email messages that attempt to collect personal information. UECU protects the privacy of its members and will NEVER request personal information such as usernames, account numbers, PINs, or Social Security numbers in an email, text message, or voicemail. If you ever receive a message that APPEARS to be from UECU asking for this information, please contact us immediately by calling our main number, 800-288-6423.

The links to third-party websites included below are provided for your convenience. UECU does not endorse nor support the content of third-party links. UECU is not responsible for the content of a third-party website. By clicking on a third-party link, you will leave the uecu.org website. Privacy and security policies may differ from those practiced by the Credit Union.  

Current Alerts:

Tech Support Scams 
(Posted April 6, 2017)

The tech support scam is one of the most popular scams today. It’s another way for scammers to gain access to your confidential information, as well as your computer. Most of these scams involve someone calling you with an urgent message, they tell you that your computer has a virus or has been infected with malware. In order to help you fix the problem, they’ll say that they need remote access to your computer. They may also ask you for your credit card information so they can sell you phony anti-virus software. Don’t fall for this scam; it’s a ploy to get access to your computer so they can steal your confidential information. If you get a call, keep these tips in mind:

  • Don’t give control of your computer to a third party.
  • Don’t rely on Caller ID to verify that the call is from a legitimate company – scammers can easily spoof caller ID numbers.
  • Beware of online ads and pop-up messages for tech support companies, even if they look like they are from Microsoft or Apple. If you want tech support, look for a company’s contact information on their software package.
  • Never provide your credit card or bank/credit union account information to anyone who calls you claiming to be from a tech support company.
  • If you are concerned about your computer being infected with a virus, call your security software company directly.
  • Never give out your password; legitimate companies will never ask you for your password.
  • Put your phone number on the National Do Not Call Registry.

For additional information about Tech Support Scams, visit https://www.consumer.ftc.gov/articles/0346-tech-support-scams

National Credit Union Administration Warns Consumers of Text Phishing Scam
(Posted September 9, 2016)

The National Credit Union Administration (NCUA) has warned consumers about a recent scam involving fraudulent NCUA text messages. The messages read: “National Credit Union Administration Alert for (recipient’s phone number). Contact 844-234-5445.” Other fraudulent phone numbers to be alert for are 855-340-1398 and 844-906-0773. These texts are not communications from the NCUA. The agency does not seek personal information through the internet or telephone. If you receive one of these text messages, contact NCUA’s Consumer Assistance Center at 800-755-1030 between 8:00 am and 5:00 pm Eastern time. You should also contact UECU at 800-288-6423 and your local law enforcement as well. For additional information about the scam, visit https://www.ncua.gov/newsroom/Pages/NCUA-Warns-of-Text-Phishing-Scam.aspx

EMV Chip Card Phishing Scam
(Posted May 5, 2016)

Fraudsters have begun a new phishing scam that involves EMV chip cards. They are posing as card issuers and sending out phishing emails to consumers who may not have received a new EMV chip card yet. The emails ask recipients to update their accounts by providing personal information in order to receive their new chip cards, or to click on a link to continue the process. By clicking on the link, malware can be installed on a computer or mobile device. Consumers, who fall for phishing scams such as these, expose themselves to identity theft. Fraudsters can use the personal information that was submitted through the email, to open credit cards in the victim’s name. UECU will never send an email to you, requesting that you update your personal information within the email. If you need to update any of your personal account information, you can do it securely through Advantages Online™ home or mobile banking.  If you have not yet received a new Visa® Credit Card with a chip, contact the Credit Union at 800-288-6423 to request your card. UECU will soon begin issuing Visa Check Cards with a chip, for updates on availability, visit the UECU website periodically.  If you have questions about chip cards, contact the Credit Union at 800-288-6423.

Text Message Fraud & Phishing Scams
(Posted April 12, 2016)

One of the most popular phishing scams now involves the use of text messaging. Fraudsters are creating text messages that appear to be from a credible source like a financial institution, credit card company, or online payment company. The messages typically include a link to a fraudulent website, and instructions for the consumer to input their personal information or password. The latest scam includes a text message/alert for “suspicious activity” or an “issue” on your bank account. The message includes a request for the consumer to login to their online account, using a link within the email. If you receive a message like this, do not click on any links, delete the message, and immediately contact the Credit Union at 800-288-6423 to report the message. UECU would never ask you to update your personal information or access your online bank account via a text message, email, or phone request. 

Minimize your fraud risk; protect your mobile device and online account.

  • Avoid distractions when reviewing email through your mobile device. Fraudsters try to catch mobile phone users when they are off guard. Cell phones have small screens which can also make it more difficult for users to see fraudulent emails and text messages. 
  • Be very cautious when accessing public Wi-Fi networks; do not enter passwords or personal information when using public Wi-Fi. Use a virtual private network (VPN) if you have one available to you, it encrypts data when using mobile devices on a Wi-Fi network.
  • Install anti-virus software on your phone.
  • Protect your cell phone number; do not post it on your social media profile.
  • If you receive a suspicious email or text message, do not click on any links within the message or enter any personal information.
  • Monitor your accounts for fraudulent transactions regularly; report suspicious charges/purchases to your financial institution or credit card company immediately.
  • Create strong passwords for your online accounts, use numbers, symbols, and letters. Update your passwords frequently. Do not use the same password(s) for all of your online accounts. 

For additional information and tips on avoiding online thieves, creating a secure password, and wireless security, visit http://uecu.org/protectyourself
 

IRS Tax Scams
(Posted February 12, 2016)

The IRS is warning taxpayers to beware of scams that fraudsters are using to gain access to your money and confidential information. The scams involve bogus emails and phones calls from individuals who are posing as the IRS. They are using phishing emails and robo-calls to persuade consumers to pay phony tax bills; they typically demand that the bills be paid immediately with a prepaid debit card or wire transfer. If they cannot get through to you, they may leave an urgent message requesting that you call back to pay the fake tax bill. Scammers have also altered the caller ID to make it appear as though the IRS is actually calling for a legitimate reason.  In addition to phone calls, fraudsters are using phishing emails containing fake IRS documents, phone numbers and email addresses, with a request for recipients to reply with personal information. To protect yourself from these types of tax scams, keep in mind that the IRS will not:

  • Call you to demand immediate payment. The IRS will not call you if you owe taxes without first sending you a bill in the mail.
  • Demand that you pay taxes and not allow you to question or appeal the amount you owe.
  • Require that you pay your taxes a certain way. For instance, require that you pay with a prepaid debit card.
  • Ask for your credit or debit card numbers over the phone.
  • Threaten to bring in police or other agencies to arrest you for not paying.

For additional information on Tax Scams, visit
https://www.irs.gov/uac/IRS-Urges-Public-to-Stay-Alert-for-Scam-Phone-Calls

 

Email Phishing Scam - Enter to Win Tickets to Star Wars
(Posted November 2, 2015)

Be cautious of emails that indicate you have won movie tickets for the new Star Wars movie. These emails are part of a recent phishing scam. To access a sample of the email template that has been circulated, click here.  

 

Debit/Credit Card Phishing Scam
(Posted April 15, 2015)

If you receive a phone call regarding activity on your debit or credit card and the caller instructs you to dial a 1-800 # and enter your full 16-digit card number, do not respond. The calls are being generated through a phishing scam, in which a fraudulent request is being made in an attempt to access your card information. UECU would never contact you and request that you submit confidential card or account information. If you have questions about the phishing scam, please contact our Member Service Department at 800-288-6423.

 

National Credit Union Phishing Scam
(Posted March 19, 2015)

The National Credit Union Administration (NCUA) has warned consumers about a recent online phishing scam; consumers have received fraudulent emails from the National Credit Union Website, a site which appears to be the National Credit Union Administration website.  The emails request that recipients respond with personal information, including Social Security numbers, account numbers and login information. The emails also encourage recipients to transfer large amounts of money through the fictitious website. The NCUA warns consumers not to respond to these emails, the NCUA would never request personal or financial information in this manner. For additional information regarding the phishing scam, click here. 

 

TurboTax® Email Scams
(Posted February 12, 2015)

Beware of emails that look as though they were generated from TurboTax; the emails may request account information, passwords, banking, and credit card information.  At the height of tax season, hackers are making attempts to steal tax refunds by distributing fake emails requesting personal information. These fake emails are known as phishing scams. You should never send any personal or bank-related information in an email.

 

Home Depot Card Information Breach
(Posted September 9, 2014)

In response to the recent breach of credit card and debit card information belonging to consumers who shopped at retailer Home Depot, UECU is closely monitoring our members’ cards for any signs of fraudulent use. If you notice any suspicious activity on your own UECU VISA® check card or credit card, please notify UECU immediately at 800-288-6423 – remember that UECU’s free Advantages Online™ home banking and mobile banking tools allow you to keep tabs on your card transactions and account activity at all times. Another important measure you can take is to keep your phone numbers and other contact information updated with UECU. Our 24/7 card fraud monitoring system will alert you of any suspicious activity on your cards by calling the home phone or cell phone numbers you have on-file with the credit union. You can verify and update your contact information through Advantages Online™ home banking or by calling UECU.

 

International Cybertheft is a Reminder to Use Safe Password Practices
(Posted August 11, 2014)

UECU would like to remind our members that one of the best ways you can protect yourself online is to create strong, unique usernames and passwords for your online accounts – and to avoid using the same sign-in credentials for multiple online accounts.

Recent news reports regarding the theft of sign-in credentials by Russian cybercriminals, estimate millions of usernames and passwords have been accumulated from a variety of consumer websites across the Internet. While the cybertheft breach did not affect UECU or our member information, this news report is an important reminder for all consumers, of why it is so important to be careful with your personal information online. Best practices for safeguarding your online accounts include creating usernames and passwords with a sufficient number of characters (short passwords are easier to break), and using a variety of uppercase and lowercase letters, numbers and special characters in your password and/or username, as each website permits. It is also essential not to use the same username and password for your accounts across the Internet, especially those that provide access to your important financial and personal data.

UECU is extremely vigilant in protecting your account information with our online security and encryption measures – and there are also essential measures you must take to safeguard your account information. Please remember, do not share your sign-in information with others and do not repurpose your online banking username or password for additional sites across the internet (neither those you use with UECU nor the separate credentials you use for any other financial accounts you have). Doing so increases the risk of your sign-in credentials being stolen from other, less secure websites, which could allow cybercriminals to use your username and password to access your financial accounts. UECU wants to see you remain safe online. For additional information and website resources about Protecting Yourself Online, scroll to the bottom of this page.

 

Protect Your Mobile Device
(Posted July 22, 2014)

UECU would like to remind our members to protect themselves online – on all their devices. Recent news reports about personal identity theft schemes and malware like the new “Svpeng” bug that targets Android devices, are a good example of why consumers must be vigilant with their personal information. Remember that ensuring your online security requires you to safeguard your personal and financial information both on your computer and on any mobile phone or tablet devices you use for mobile banking, online purchases, or the storage of personal information.

Malware such as “Svpeng” is designed to infect a person’s mobile phone or tablet with software that can steal personal and financial information – and may demand payment or credit card information in order to restore access to a “locked” phone. The software can infect a device when a user clicks on a link in a text message or responds to a pop-up message on their phone.

To safeguard your mobile device from such schemes, do not respond to or click links in text messages or emails from senders you don’t recognize, and do not save account usernames, passwords, or credit card information on your device. If your mobile phone becomes “locked” by software you do not recognize, do not enter personal information – contact your phone provider about troubleshooting this issue or obtaining a replacement phone. For more information about protecting your device and safely conducting your mobile banking, read our UECU Mobile Banking Security Tips sheet.

 

Phone Call and Text Scams: Financial Account & Credit or Debit Card Messages
(Posted April 2014)

“Phishing” scams can come in the form of emails, web content, phone calls, and text messages. Recent scam alerts are warning consumers about phone messages and mobile phone text messages that reference financial accounts and products, without any mention of a specific financial institution name. The messages vary but most ask consumers to call a phone number to take action on their accounts or resolve a financial issue. These include, but are not limited to, messages about credit card activation, blocked ATM or debit cards, overdrawn checking accounts, account balances, VISA support, credit union cards, fraudulent card usage, and flagged or suspended cards.

These are phony messages. If you have received one of these calls or text messages, do NOT call the phone number provided in the message – scammers will try to solicit further information from you over the phone, so they can commit identity theft. Please see our recommendations below for guarding your personal information from phishing attempts like these, to better protect your identity, credit history, and finances. Remember, UECU will NEVER contact you by email or text message with a request for personal or account information – call only the UECU main phone line at 800-288-6423 if you have concerns about your account.

 

Heartbleed Bug” Online Security Alert
(Posted April 11, 2014)

As reported in recent news coverage, a security vulnerability known as the “Heartbleed Bug” has been identified in the Open SSL encryption software used by millions of websites to protect consumers’ personal data such as passwords, email addresses, and usernames.

Be assured that your UECU account information is secure. UECU does not use the Open SSL software with this recent vulnerability on any of our member facing websites, and is diligently safeguarding your personal data with measures including robust encryption and firewall protections.

A corrected version of open SSL software has been distributed and many consumer websites are beginning to adopt the corrected version. However, the Heartbleed Bug has been active for an extended period and it is unknown how many websites have been affected or how many consumers may have had their login information collected by the bug. To ensure your security on the consumer websites you use throughout the Internet, UECU recommends our members make use of the following best practices to protect the personal and credit card information they may provide on other websites:

  • Visit websites where you regularly submit personal credit card information, banking details, or other financial information to find out if the company has provided an update on the status of their security measures in response to the Heartbleed Bug. If there is no information, contact the company for details or check the security status of the website using the site  https://www.ssllabs.com/ssltest . Do not make any updates to your login information until you are sure the site is now secure.
  • After verifying a website has been secured with the new software patch, login and change your passwords using strong password measures such as including a combination of upper and lower case letters, numbers and special characters. Create different passwords for different sites and use any additional security measures that are offered such as security phrases and images, and text / email PIN verification options.
     

Pop-Up Window Scams: Credit Score Offers, Financial Websites, and More
(Posted January 2014)

Phishing includes all scams in which criminals attempt to collect your personal and/or financial information for identity theft or access to your finances. As you may know, scammers may contact you with fraudulent emails and phone call solicitations – but they can also cause pop-up windows to appear on your computer, asking you for sensitive information when you are using the Internet.

Please be aware that you should not enter personal or financial details in an unprotected online form even you are visiting a trusted website. If your computer is infected with malware or a virus, it could generate a pop-window that appears to be an offer or questionnaire from the financial institution, retailer, or other website you are visiting online. For example, some scams may offer you a prize or a free credit score / credit report if you fill out a form with financial information or your Social Security number. UECU will never ask you to fill out private or financial information on the www.uecu.org homepage – and you can access your financial information only by signing into your account through the secure Advantages Online™ home banking system.

If you suspect you are receiving or viewing materials that falsely claim to be from UECU, please contact us at 800-288-6423 and be sure to protect your computer with anti-malware and anti-virus protection software to reduce the possibility that your computer or internet browser will be targeted by scammers.

 

Scammers Emailing Target Retail Customers and Other Consumers
(Posted December 2013)

As consumers who shopped at Target retail locations during late-November through mid-December are probably well-aware, Target customers’ debit and credit card information was recently compromised. (To reduce the risk of fraud, UECU has proactively reissued VISA® cards for members who shopped at Target from 11/27/2013 through 12/15/2013.)

However, now all consumers, not just those who shopped at Target during those dates, should be aware that other scammers are taking advantage of the situation to send phony emails that appear to be from Target. These “phishing” emails claim they are meant to help people with their compromised cards, and attempt to collect credit card and personal information from individuals. The Federal Trade Commission (FTC) is warning consumers not to click on website links included in such emails and not to reply to any messages asking for your personal or financial information – whether the email appears to come from Target or another entity. These messages pose risks including identity theft and computer viruses or malware that could be connected to email links. Remember, legitimate businesses and organizations will not ask for your personal information via email or unsolicited phone calls. Please see below for more of UECU’s suggested tips and resources for protecting your identity and financial information. For more information on Target scams, visit the FTC’s site, OnGuardOnline.gov

 

Fraudulent NCUA "Vishing" Phone Calls Regarding Debit Card Activation
(Posted August 2013)

Some credit union members throguhout the U.S. have reported fraudulent phone calls from “NCUA” advising that their Debit Card needed to be activated. The caller ID lists the phone number as “restricted.” These calls are NOT from the NCUA and are FRAUDULENT.

Should you receive such voice messages delete them. UECU protects the privacy of its members and will NEVER request personal information such as usernames, account numbers, PIN or Social Security numbers in a phone, email or text message. If you have provided sensitive account information (your account number, debit or credit card number, expiration date, PIN, etc.) immediately contact UECU at 800-288-6423.

To protect yourself from becoming a victim of Vishing, use the same techniques you'd use to avoid internet phishing scams:

  • Don't give information to anyone unless you are certain you know with whom you're dealing. UECU will never contact you by phone, email, or by cell phone text message asking for your personal information.
  • If you receive a phone call from someone claiming to be from UECU (or NCUA) who asks you to provide information about your account, ask for the name of the person calling and what extension they're at. Then call UECU at 800-288-6423 and ask to speak to that person, or request general assistance with your account. Then, you know with absolute certainty you're talking to a trusted UECU Service Representative and they can take care of any issues on your account.
  • If it's an automated call, simply hang up.

 

Helpful Documents:

Identity Theft Assistance Form
Use this helpful chart to stop fraudulent use of your identity and to safeguard your credit, in the event that your personal information is compromised.

NCUA - You Can Fight Identity Theft
An informative brochure on identity theft from the National Credit Union Administration.

Are FREE Trial Offers Really FREE?
A warning about “free trial” scams that could cause unwanted charges to your credit or debit card.

Social Networking Security Tips
A list of security tips to safeguard yourself on social networking sites.
 

Helpful Websites:

National Credit Union Administration (NCUA) Fraud Information Center
http://www.ncua.gov/Resources/Cnsmrs/Fraud
Current news and updates on recent scams that could affect credit union members.

NCUA Division of Consumer Affairs
http://www.mycreditunion.gov
Information on protecting your finances and avoiding fraud is included in this online collection of financial tools and educational resources for credit union members.

Federal Trade Commission (FTC) Identity Theft Education
http://www.ftc.gov/idtheft
An FTC website with resources for detecting, identifying, and avoiding identity theft.

Stop-Think-Connect
www.stopthinkconnect.org
Consumer resources including tip sheets for kids’ online safety, mobile device safety, and social networking safety; Internet safety research and surveys; and blogs on a variety of safety topics.

National Cyber Security Alliance
http://www.staysafeonline.org
Information on protecting yourself online, teaching your family and children online safety, and ensuring online protection for businesses.

Anti-Phishing Working Group
http://www.antiphishing.org
Public education resources and cybercrime news from the Anti-Phishing Working Group, a business and law enforcement initiative group created to address fraud and identity theft.

The Internet Crime Complaint Center (IC3)
http://www.ic3.gov
Use the Internet Crime Complain Center to report internet crimes including phishing, fraud, or identity theft; providing consumer reports aids the Federal Bureau of Investigation and the National White Collar Crime Center in taking action on these crimes.