Online Security Information

A local credit union has been informed by some of their members that they received a phone call from someone claiming to be with the credit union's Fraud Department. The number on the caller ID was spoofed to appear as if it was the credit union’s phone number. During the call, the fraudster tells the members that two charges are trying to clear their account from California and that they suspect it is fraud. The caller then directs them through an automated system where they get asked to disclose their entire card number to cancel the fraudulent charges.

Luckily, in these examples, the members hung up, did not provide the information, and contacted the credit union. This may not always be the case. Your credit union will never call and ask you to reveal personal information like account numbers, PINs, or social security numbers.

Our credit union wants to alert you about a text messaging scam that is impacting members across Maine. If you receive an unsolicited text message from someone claiming to be with a Maine-based credit union about a suspicious online purchase made with your debit card, do not click any links in the message!

As a friendly reminder, you should never click on links received in emails or text messages from people you do not know. Anytime you receive an alert about a financial transaction from someone other than your trusted credit union, be wary! This is a big red flag for fraud. Our credit union will never contact you by phone, text, or email and ask you to verify your banking account number, passwords, Social Security number, or other personal information. Always reach out to our credit union at the number listed on our website if you are uncertain about a communication or need assistance.

Unfortunately, we are again hearing from our members that fraudsters are attempting to steal their financial information, such as online/mobile banking passwords and credit card and debit/ATM numbers. As a reminder, University Credit Union will not contact you requesting you to share account information. Fraudsters can spoof real numbers (including your credit union’s phone number), and falsely claim there has been potential fraudulent activity on your account in attempt to scare you into providing your account information.

If you are contacted by someone asking you provide passwords or any information that appears on your debit, ATM, or credit card (such as card number, CVV number, name on the card, expiration date, address, zip code), DO NOT share anything with them. HANG UP IMMEDIATELY. Again, please remember these fraudsters can mask phone numbers and make it appear as though they are calling from a valid number, even an University Credit Union number. If you are unsure at all as to whether the representative calling you is from University Credit Union, hang up and contact us at 800.696.8628.

Fraudsters are contacting members by calling, text message, or email claiming to be the UCU Fraud Team stating suspicious activity was spotted on their account. The scammer then asks the member to provide their Digital Banking username and password, and Secure Access Codes in order to "protect" their account.
If you receive a suspicious call, text or email from someone claiming to be from UCU, ignore it, don’t click any links and/or hang up. If you're unsure if the communication is legitimate, please call us directly at 800.696.8628.

Remember, UCU will never ask you to do this. If you have experienced a similar scenario recently and provided sensitive information, please contact us immediately at 800.696.8628.

 What Is a Brute Force Attack?

• A brute-force attack is a trial-and-error method used by fraudsters to obtain payment card information such as an account number, card expiration date, PIN, or Card Verification Value 2 (CVV2).

How Members Can Help Prevent Brute Force Attacks

As with all fraud, there are steps that members can take to help protect their account information. It is good practice to:

• • Use strong passwords and change them often. Having a strong password policy is the simplest and most effective way of thwarting a brute force attack. Don’t include personal information in your passwords, avoid recycling passwords, and change them frequently.
  • Utilize two-factor authentication for accounts. This adds another layer of security to protect your personal information.
  • Ensure the security on your electronic and mobile devices is up to date.
  • Never open attachments or click on links from unknown individuals or companies as it could enable malicious software.
  • Contact your credit union right away if you believe your information has been compromised!

What Is Spoofing?

• Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. In this case, fraudsters were contacting members saying that they were calling on behalf of a credit union.

How Members Can Prevent Falling Victim to a Spoofing Scam

Given this activity, sharing these helpful tips with your members can help protect them against fraud.

• Never share credit union account information or social security number. Your credit union will never contact you by phone, email, or text with a request for this information. If you receive a request like this, chances are, it’s fraud!
• If you receive an unsolicited call or text message from someone claiming to be a representative of the credit union, you should hang up (if contacted by phone) and call your credit union using a phone number listed on your statement to verify the contact is legitimate. If they get push back from the person on the other end, it is likely a scam.

It’s also good practice to:

• Monitor credit card accounts, banking accounts, and credit reports regularly.
• Change account passwords often and avoid using the same username and password on multiple sites or personal information.
• Never open attachments or click on links from unknown individuals or companies.
• Contact the credit union right away if you believe your information has been compromised!

Fraudsters are acting as employers and hiring new employees remotely. They are sending checks that require payment back to the 'employer' or associates by other direct means, such as third party person to person payment apps, for equipment or other supplies. This is an employment scam. If you have concerns about a scenario like this contact the credit union.