Active Alerts

January 26, 2023

Internet Fraud

Fraudsters acting as ‘fraud protection’ are contacting people in a variety of ways including through internet fraud with pop-ups on computers. The fraudsters are then instructing the members to withdraw large amounts of cash to protect their funds from ‘fraud,’ specifically directing on what to tell branch staff such as ‘for home repairs,’ as to avoid getting caught. The fraudsters are then instructing the members to purchase gift cards to secure their funds and give to the fraudsters. UCU will never ask you to do this.

If you have experienced a similar scenario recently and provided sensitive information, please contact us immediately at 800.696.8628.

August 31, 2022

Fraudulent Calls / Spoofed Numbers

Members have notified us that they have received calls spoofing known UCU phone numbers. Please understand that UCU will never contact you and request login credentials, as we would already have that information. If you are unsure of who you are speaking to, hang up and contact UCU directly as you typically would.

Please do not give any information over the phone as we believe this to be a scam. If you have responded to a similar call recently and provided sensitive information, please contact us immediately at 800.696.8628.

August 15, 2022

Current Fraud Trends to be Aware of to Identify and Prevent Financial Fraud

What Is a Brute Force Attack?

A brute-force attack is a trial-and-error method used by fraudsters to obtain payment card information such as an account number, card expiration date, PIN, or Card Verification Value 2 (CVV2).

How Members Can Help Prevent Brute Force Attacks

As with all fraud, there are steps that members can take to help protect their account information. It is good practice to:

- Use strong passwords and change them often. Having a strong password policy is the simplest and most effective way of thwarting a brute force attack. Don’t include personal information in your passwords, avoid recycling passwords, and change them frequently.
- Utilize two-factor authentication for accounts. This adds another layer of security to protect your personal information.
- Ensure the security on your electronic and mobile devices is up to date.
- Never open attachments or click on links from unknown individuals or companies as it could enable malicious software.
- Contact your credit union right away if you believe your information has been compromised!

What Is Spoofing?

Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. In this case, fraudsters were contacting members saying that they were calling on behalf of a credit union.

How Members Can Prevent Falling Victim to a Spoofing Scam

Given this activity, sharing these helpful tips with your members can help protect them against fraud.

Never share credit union account information or social security number. Your credit union will never contact you by phone, email, or text with a request for this information. If you receive a request like this, chances are, it’s fraud!
If you receive an unsolicited call or text message from someone claiming to be a representative of the credit union, you should hang up (if contacted by phone) and call your credit union using a phone number listed on your statement to verify the contact is legitimate. If they get push back from the person on the other end, it is likely a scam.

It’s also good practice to:

Monitor credit card accounts, banking accounts, and credit reports regularly.
Change account passwords often and avoid using the same username and password on multiple sites or personal information.
Never open attachments or click on links from unknown individuals or companies.
Contact the credit union right away if you believe your information has been compromised!

July 8, 2022

Employment Scam

Fraudsters are acting as employers and hiring new employees remotely. They are sending checks that require payment back to the 'employer' or associates by other direct means, such as third party person to person payment apps, for equipment or other supplies. This is an employment scam. If you have concerns about a scenario like this contact the credit union.

Resources

FTC Consumer Information

Maine Consumer Protection

Learn How You Can Protect Your Identity

UCU Blogs & Articles

Scams & Fraud: Understanding Risks & Avoiding Traps

CyberSecurity

Online Safety Guide

University Credit Union is committed to the security and confidentiality of your personal and financial information. With the increased speed and convenience of today's technology comes increased risk for fraud. You are your own best defense and the best way to begin safeguarding your financial information is to become informed about safe online practices. Here are some important tips to keep in mind while conducting business online:

Set strong passwords. A strong password is at least 8 to 10 characters in length and is a combination of upper and lower case letters, numbers, and special characters. Do not use names, birth dates, telephone numbers, Social Security numbers, or anything that could be easily guessed. Avoid passwords that spell a word, name, or recognizable sequence. Change your password frequently. Never write it down or share it with anyone.
Never reveal personal information via electronic methods. Do not use e-mail or text message to send information such as account numbers or your Social Security number. Beware of e-mails asking for personal Information. Legitimate companies will never e-mail to ask for your Social Security number, PIN, or password.
Remember e-mails and links are not always what they seem. Do not open e-mails from an unknown source and avoid clicking on links embedded in e-mails, especially if you are prompted to login. These links could direct you to a fraudulent website. Instead, type in the web address in your browser before logging in. Beware of e-mail attachments from sources you are unsure of as these files can allow viruses or malware access to your computer.
Make sure the website is legitimate and secure. If you navigate to an URL (web address) that you did not type in, take the time to verify that the URL you are viewing matches what you would expect. Fraudulent websites deliberately use URLs that are similar to the website they are imitating. Make sure a website is secure before submitting personal information online. A secure URL begins with https://.
Monitor your account activity. Review your account history often and thoroughly review your monthly statements. Investigate any suspicious items and notify us immediately of unauthorized activity.
Keep your protection software up-to-date. Install anti-virus, anti-spyware, and anti-malware programs on your computer. Keep these programs on and update them frequently. It is also helpful to confirm that your operating system (i.e. Windows) and browser (i.e. Internet Explorer, Firefox, etc.) have the latest security updates.
Avoid using public computers for financial activity. Do not use public access computers to view your online banking account. Computers accessible to the public may be infected with malicious software or viruses.
Remember to log off. When you are finished with a site, log off instead of just closing the page or your browser. Do not leave your computer unattended while you are logged in to a site.

Did you know that UCU...

Ensures strong security measures for on-line banking through Online Banking and the Mobile App. You can deter fraud with your challenge questions, username, and password. Your security image and phrase confirms you're on the real UCU website.
Offers eAlerts on Online Banking that can notify you via text or e-mail regarding events that take place on your account?
Has a fraud monitoring system in place to detect unusual transactional behavior? If we notice something unusual, we will contact you to confirm a transaction. Please notify us if you are traveling to aid us in properly identifying unusual activity.
Will never call, e-mail or otherwise contact you to ask for login credentials? We will, however, ask "out of wallet" security questions during a phone call to verify your identity.

Contact UCU at 800.696.8628 with any questions or concerns about safe online financial practices. Notify UCU immediately if your account information has been compromised or if your debit card is missing or stolen.

Past Alerts

Fraudulent Calls

April 22, 2021 & November 2021

Members have reported receiving phone calls from individuals posing as UCU employees asking for personal information such as account numbers, PIN numbers, and Social Security numbers. Please do not give any information over the phone as we believe this to be a scam. If you have responded to a similar call recently and provided sensitive information, please contact us immediately at 800.696.8628.

Please understand that UCU will never contact you and request account numbers or social security numbers from you, as we would already have that information.

Active security alerts will be posted here when available. Information can also be found on the Maine Consumer Credit Protection website.

COVID Vaccine Scams

Third Party Personal Finance Apps

August 19, 2020

Are you using a personal finance app to help manage your money? If you are, you aren’t alone.

Consumers across the country are increasingly turning to apps like Dave.com, RobinHood.com, CashApp, and countless others to monitor their spending. While these apps may provide a platform for viewing and working with multiple accounts, they also increase the risk of having financial information breached. In fact, a recent breach at Waydev affected 7.5M consumers.

If you are leveraging any of these tools, there are some important steps you can take to protect your personal information.

Examine the terms of service for apps you are using.
- Review the app’s data retention policies and determine whether the app resells your information.

Find out what security features the app offers to ensure your personal information remains safe.
- Look for things like two-factor authentication.

Always confirm the validity of the app.
- Don't provide your account numbers or any personal or financial information on the phone or online unless you initiate the conversation and you know the organization.

Change your passwords and security settings often and use a highly secure password for your financial accounts.
- Secure passwords often contain letters, numbers, and special characters.
- Avoid using the same username and password on multiple sites.
- Guard your pins and passwords. Don’t store them on your phone or write them down in a location where others might be able to access them.

Change your credit union and other account passwords if you want to remove an app’s access to your accounts.
Contact us right away if you feel your information has been compromised!

Always use extreme care when using third party apps. The more services you sign up for and the more devices you use provides criminals additional opportunities to steal your information for their personal gain.

Phone Scam

January 30, 2018

Members have reported receiving phone calls from individuals representing themselves as UCU employees asking for account information and personal information such as a social security number. Please do not give any information over the phone as we believe this to be a scam. If you have responded to a similar call recently and provided sensitive information, please contact us immediately at 800.696.8628.

Please understand that UCU will never contact you and request account numbers or social security numbers from you, as we would already have that information.

Equifax Data Breach

As you are likely aware, Equifax, one of the three largest credit monitoring bureaus in the U.S., announced a data breach with as many as 143 million social security numbers, names, and addresses from the company’s credit files potentially compromised. Though this breach was not related to University Credit Union, we are committed to providing our members with the information and resources they need to remain informed and to take action to protect their identity and personal information.

Like many others, you may be concerned that your private information was exposed in the Equifax breach. We encourage all of our members to visit the Equifax site to discover if your information may have been compromised.

Recommended Actions:

Find out if you were impacted. Visit equifaxsecurity2017.com and click on the Check Potential Impact Tab. Enter your last name and the last six digits of your social security number. If the site indicates that your information “may be compromised”, our advice is that you should take action to protect yourself as though it was confirmed that it was compromised in an abundance of caution.

Enroll in credit monitoring. Equifax is providing a credit monitoring option, called TrustedID. Additionally, University Credit Union offers a comprehensive identity protection and restoration solution with our Kasasa Protect™ product. Learn more and sign up at www.ucumaine.com/kasasa-protect.

Review your University Credit Union account history and other Bank account activity regularly.

Access your current credit report at annualcreditreport.com and review it to look for unexpected items and correct history.

Set up fraud alerts at ftc.gov/articles/0275-place-fraud-alert so that you can be alerted to future issues like this.

Consider placing a freeze on your credit files as described in this article from the Federal Trade Commission at ftc.gov/articles/0497-credit-freeze-faqs.

Equifax has set up a dedicated call center at 866-447-7559 where you can speak to someone regarding any questions you may have about the breach. We would encourage members with questions to reach out to them.

Upgrades In Progress!

Quicklinks

Active Alerts

Resources

UCU Blogs & Articles

Online Safety Guide

Past Alerts

Build & Protect

Learn

Quick Links

Resources

Latest from UCU

FIND US

CALL US

TEXT US