August 31, 2022
Fraudulent Calls / Spoofed Numbers
Members have notified us that they have received calls spoofing known UCU phone numbers. Please understand that UCU will never contact you and request login credentials, as we would already have that information. If you are unsure of who you are speaking to, hang up and contact UCU directly as you typically would.
Please do not give any information over the phone as we believe this to be a scam. If you have responded to a similar call recently and provided sensitive information, please contact us immediately at 800.696.8628.
August 15, 2022
Current Fraud Trends to be Aware of to Identify and Prevent Financial Fraud
What Is a Brute Force Attack?
- A brute-force attack is a trial-and-error method used by fraudsters to obtain payment card information such as an account number, card expiration date, PIN, or Card Verification Value 2 (CVV2).
How Members Can Help Prevent Brute Force Attacks
As with all fraud, there are steps that members can take to help protect their account information. It is good practice to:
- Use strong passwords and change them often. Having a strong password policy is the simplest and most effective way of thwarting a brute force attack. Don’t include personal information in your passwords, avoid recycling passwords, and change them frequently.
- Utilize two-factor authentication for accounts. This adds another layer of security to protect your personal information.
- Ensure the security on your electronic and mobile devices is up to date.
- Never open attachments or click on links from unknown individuals or companies as it could enable malicious software.
- Contact your credit union right away if you believe your information has been compromised!
What Is Spoofing?
- Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. In this case, fraudsters were contacting members saying that they were calling on behalf of a credit union.
How Members Can Prevent Falling Victim to a Spoofing Scam
Given this activity, sharing these helpful tips with your members can help protect them against fraud.
- Never share credit union account information or social security number. Your credit union will never contact you by phone, email, or text with a request for this information. If you receive a request like this, chances are, it’s fraud!
- If you receive an unsolicited call or text message from someone claiming to be a representative of the credit union, you should hang up (if contacted by phone) and call your credit union using a phone number listed on your statement to verify the contact is legitimate. If they get push back from the person on the other end, it is likely a scam.
It’s also good practice to:
- Monitor credit card accounts, banking accounts, and credit reports regularly.
- Change account passwords often and avoid using the same username and password on multiple sites or personal information.
- Never open attachments or click on links from unknown individuals or companies.
- Contact the credit union right away if you believe your information has been compromised!
July 8, 2022
Fraudsters are acting as employers and hiring new employees remotely. They are sending checks that require payment back to the 'employer' or associates by other direct means, such as third party person to person payment apps, for equipment or other supplies. This is an employment scam. If you have concerns about a scenario like this contact the credit union.
Online Safety Guide
University Credit Union is committed to the security and confidentiality of your personal and financial information. With the increased speed and convenience of today's technology comes increased risk for fraud. You are your own best defense and the best way to begin safeguarding your financial information is to become informed about safe online practices. Here are some important tips to keep in mind while conducting business online:
- Set strong passwords. A strong password is at least 8 to 10 characters in length and is a combination of upper and lower case letters, numbers, and special characters. Do not use names, birth dates, telephone numbers, Social Security numbers, or anything that could be easily guessed. Avoid passwords that spell a word, name, or recognizable sequence. Change your password frequently. Never write it down or share it with anyone.
- Never reveal personal information via electronic methods. Do not use e-mail or text message to send information such as account numbers or your Social Security number. Beware of e-mails asking for personal Information. Legitimate companies will never e-mail to ask for your Social Security number, PIN, or password.
- Remember e-mails and links are not always what they seem. Do not open e-mails from an unknown source and avoid clicking on links embedded in e-mails, especially if you are prompted to login. These links could direct you to a fraudulent website. Instead, type in the web address in your browser before logging in. Beware of e-mail attachments from sources you are unsure of as these files can allow viruses or malware access to your computer.
- Make sure the website is legitimate and secure. If you navigate to an URL (web address) that you did not type in, take the time to verify that the URL you are viewing matches what you would expect. Fraudulent websites deliberately use URLs that are similar to the website they are imitating. Make sure a website is secure before submitting personal information online. A secure URL begins with https://.
- Monitor your account activity. Review your account history often and thoroughly review your monthly statements. Investigate any suspicious items and notify us immediately of unauthorized activity.
- Keep your protection software up-to-date. Install anti-virus, anti-spyware, and anti-malware programs on your computer. Keep these programs on and update them frequently. It is also helpful to confirm that your operating system (i.e. Windows) and browser (i.e. Internet Explorer, Firefox, etc.) have the latest security updates.
- Avoid using public computers for financial activity. Do not use public access computers to view your online banking account. Computers accessible to the public may be infected with malicious software or viruses.
- Remember to log off. When you are finished with a site, log off instead of just closing the page or your browser. Do not leave your computer unattended while you are logged in to a site.
Did you know that UCU...
- Ensures strong security measures for on-line banking through Online Banking and the Mobile App. You can deter fraud with your challenge questions, username, and password. Your security image and phrase confirms you're on the real UCU website.
- Offers eAlerts on Online Banking that can notify you via text or e-mail regarding events that take place on your account?
- Has a fraud monitoring system in place to detect unusual transactional behavior? If we notice something unusual, we will contact you to confirm a transaction. Please notify us if you are traveling to aid us in properly identifying unusual activity.
- Will never call, e-mail or otherwise contact you to ask for login credentials? We will, however, ask "out of wallet" security questions during a phone call to verify your identity.
Contact UCU at 800.696.8628 with any questions or concerns about safe online financial practices. Notify UCU immediately if your account information has been compromised or if your debit card is missing or stolen.