We are committed to educating our members about security related issues. This page will contain news and information about potential threats that may be of interest to you. As always, please be sure to practice safe computing by: running anti-virus and anti-spyware software and keeping them updated, running a firewall, and keeping your operating system and all software updated with the latest security patches.
05/20/2008 - Beware of Phishing Emails Regarding Account Suspension
We have recently received reports of fraudulent emails that appear to originate from Allegacy regarding your account being temporarily suspended. The email goes on to explain that you must call to reactivate your account. DO NOT call any of the phone numbers listed on the email, as they are not legitimate Allegacy phone numbers. If you have any questions or doubt the validity of an email you receive, please contact Member Services.
03/25/2008 - Beware of Phishing Emails Regarding Enhanced Login Security
We have recently received reports of fraudulent emails that appear to originate from Allegacy Member Services regarding your WebBanking account not being protected with Enhanced Login Security. The email goes on to explain that you must update your account information or the account will be deactivated and deleted. The email then links you to another page for you to enter your personal information. DO NOT click on the links within the email or submit any information.
03/19/2008 - Beware of New Phone Scam
Numerous individuals are receiving calls stating that their CUSO or Allegacy card needs to be reactivated. Individuals are then provided a phone number for them to call and provide their card number. DO NOT give any information over the phone, either automated or to a person. Allegacy will never contact a member and ask for secure private information. The member must initiate contact with Allegacy before private and secure information will be asked of them.
01/23/2008 - Beware of New Phone Scam
Numerous financial institutions are receiving calls from their customers stating they have received a recorded message saying their account has been frozen. The calls appear to be coming from the security departments of financial institutions. The instructions on the recorded message ask the member to dial 918-615-4284 and punch in their 16 digit card number. This is a phone scam. DO NOT give any information over the phone, either automated or to a person. Allegacy will never contact a member and ask for secure private information. The member must initiate contact with Allegacy before private and secure information will be asked of them.
01/10/2008 - Beware of Phishing Emails from Insurance Companies
We have recently received reports of fraudulent emails that appear to originate from a number of insurance companies regarding online bill payment and E-Bills. The emails contain the recipient’s name, claim that they are a registered policy holder and that they can sign up to view and pay their bill online. If you receive an email like this from a company you do not have an account with, do not click on the links within the email or submit any information.
11/13/2007 - Beware of Phishing Emails from Digital Insight
We have recently received reports of fraudulent emails that appear to originate from Digital Insight. The email contains a link and requests that the recipient go online to request a free gift prize. Do not click on the link or submit your information. Instead, please delete the email.
08/23/2007 - New Computer Virus May Prompt Bill Pay Fraud Attempt
Please be on the look out for a new computer virus. This virus may cause a fraudulent screen to appear in the WebPay window. The screen posts messages that attempt to trick you into providing sensitive information such as your account numbers and passwords – information that you have already provided to us and we would not ask you to provide again. If you are using WebPay and a new screen appears out of context asking you to provide sensitive information, do not do so. If you are in doubt about the validity of a screen, please contact member services.
08/17/2007 - Beware of Phishing Emails from the Internal Revenue Service
We have recently received reports of fraudulent emails that appear to originate from the Internal Revenue Service. The email claims that the recipient is eligible to receive a tax refund and instructs them to click on a link to access the form to complete for the refund. Do not submit your information.
08/16/2007 - Beware of Phishing Emails from CUNET
We have recently received reports of fraudulent emails that appear to originate from CUNET regarding Apex ACH Update. The email claims that due to a new security level, the email recipient is requested to click on a secure link to answer challenge questions and help test their new software. It also states that the recipient's accounts will be temporarily disabled until they pass all levels of authorization. Do not click on the link or submit your information.
06/04/2007 - Beware of Phishing Emails from Bank of America
We have recently received reports of fraudulent emails that appear to originate from Bank of America. The email claims that they have recently done system maintenance on their online banking server. It asks the recipient to click on the link to Bank of America to update their online banking profile. Do not submit your information.
06/04/2007 - Beware of Phishing Emails from Wachovia
We have recently received reports of fraudulent emails that appear to originate from Wachovia. The email claims that they have upgraded their SSL servers. It asks the recipient to click on the link to Wachovia to verify their account. Do not submit your information.
02/21/2007 - Beware of Credit Union Survey Emails offering money as incentive
Different credit unions have recently been the subject of phishing emails offering a deposit into the account of the recipient if they complete a survey. For example one email reads (CU name withheld):
"You have been chosen by X Credit Union online department to take part in our quick and easy 5 question survey. In return we will credit $50 to your account - Just for your time!
Helping us better understand how our customers feel benefits everyone. With the information collected we can decide to direct a number of changes to improve and expand our online service."
02/15/2007 - NCUA Internet Transaction Tips
The National Credit Union Administration (NCUA) has recently released Tips to Conduct Financial Transactions Over the Internet. This brochure covers how members can protect their privacy, how to ensure safe online transactions via encryption and passwords, and where to report suspected fraud.
01/29/2007 - The TJX Companies Security Breach
Allegacy considers the safeguarding of your financial information to be among our most important responsibilities.
Recently, Allegacy and other financial institutions were notified by Visa USA that certain Visa® card account information may have been compromised at a third party location. We want to take this opportunity to remind you of some of the steps you can take to further protect yourself.
1. Closely monitor your account online at allegacyfcu.org.
2. Check your account statement promptly and immediately report any transactions that you don’t recognize.
3. Check your credit report regularly for incorrect information. In fact, you’re entitled to one free copy of your credit report every year at www.annualcreditreport.com or by calling (877) 322–8228.
4. Destroy all receipts before discarding them since some of them may have your card number printed on it.
5. Guard your card — don’t use it as collateral or give out your card number to someone on the phone, unless you initiated the call for a purchase.
6. Register your card to use Verified by Visa and shop online with merchants that participate in the Verified by Visa service. This provides additional protection against unauthorized use of your card online.
Find out more about the TJX Companies Security Breach
Frequently Asked Questions
01/12/2007 - Beware of Phishing Emails from the National Credit Union Administration
We have recently received reports of fraudulent emails that appear to originate from the National Credit Union National Administration (NCUA). The email claims that they have noticed a problem on the recipients account and that they need additional information. It asks the recipient to click on the link to the National Credit Union Administration to verify their account. Do not submit your information.
01/04/2007 - Beware of $25 Email Survey Offer from CUNA
We have recently received reports of fraudulent emails that appear to originate from the Credit Union National Association (CUNA). The email claims to provide participants of an online survey, a $25.00 reward. Of course, the phish asks for your credit card number, a ploy to gather information that possibly could be used for identity theft or fraudulent transactions. Do not submit your information.
09/18/2006 - Beware of $20 Email Survey Offer from CUNA
We have recently received reports of fraudulent emails that appear to originate from the Credit Union National Association (CUNA). The email claims to provide participants of an online satisfaction survey, a $20.00 reward, and the chance at a $2,500 grand prize. Of course, the phish asks for your credit card number, a ploy to gather information that possibly could be used for identity theft or fraudulent transactions. Do not submit your information.
09/18/2006 - FDIC Reports Fraudulent E-Mails
E-mails fraudulently claiming to be from the FDIC are attempting to trick recipients into installing unknown software on personal computers. These e-mails falsely indicate that recipients should install software that was developed by the FDIC and other agencies. The software may be a form of spyware or malicious code and may collect personal or confidential information, which may be used to gain unauthorized access to on-line banking services or to conduct identity theft.
The subject line of the e-mail includes the phrase, "Urgent Notification - Security Reminder." The e-mail requests that recipients click on a hyperlink that appears to be related to the FDIC, which directs recipients to an unknown executable file to be downloaded.
The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers and financial institutions are asked to report any similar attempts to obtain this information to the FDIC by sending information to alert@fdic.gov.
08/11/2006 - Criminals Duplicate NAFCU Logo and Site
The National Association of Federal Credit Unions (NAFCU) had their name, logo, and other graphics used fraudulently in numerous “phishing” e-mails aimed at tricking people into providing sensitive financial and personal data on replicated Web sites. Giving these phishers your account and other sensitive information may expose you to identity theft and other types of fraud.
If you receive an e-mail that appears to be from NAFCU and instructs you to go online to provide or verify or confirm financial or sensitive personal information, don’t believe it: NAFCU will never send you an e-mail asking for your credit- or debit-card, credit union or bank account information, Social Security number, login information (such as a PIN) or similarly sensitive data.
If you have already complied with a phishing e-mail, you should contact the institution where you maintain your account and have the information changed immediately.
06/27/2006 - Deactivating and Activating Your Cards—New Twist On Phishing
Phishers continuously seek new ways to find individuals who are willing to provide information for the criminals to tap into a financial gain from its fraud victims. Once you provide your personal and/or financial information, the criminals are off and running to cause you financial losses.
The phishers continue to change their phony e-mails by including false fraud protection techniques as a new twist to convince members the e-mail is from your credit union with the added educational information. Because of everyone's fraud awareness, the phishers lure members to “take action” and provide the information by using an “online banking” login, which will re-direct this site to the phishers.
The "take action" the phishers are asking members to perform is:
- Deactivate your card(s) temporarily to guard against fraud
- Activate your card(s) by having you log on to an “online banking system” where the phishers are able to obtain your card information.
The phishers convince victims there is no need to contact their credit union to validate the email or telephone request involving the deactivation and activation process. We encourage you to contact the credit union if you have questions about any email you receive asking for any personal or financial information.
06/19/2006 - Criminals Duplicate NCUA Logo and Site
Recently, NCUA has discovered that its name, logo, and web site are being used repeatedly in spammed messages to obtain personal account information and PINs. Emails were sent to individuals that appeared to be from NCUA. This false e-mail asked for the recipient to click on a link to verify their credit union account registration. If the recipient proceeded to do so, the link directed them to a false website and asked for their credit union account number and PIN, along with other personal information.
NCUA does not ask credit unions members for such personal information. Anyone who receives an e-mail that purports to be from NCUA and asks for account information should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose and should not follow the instructions in the e-mail.
If you responded to such an e-mail and provided any confidential account information, please notify your credit union immediately of the scheme. You should also change your account’s PIN, and take any additional action recommended by your credit union to protect your account.
06/13/2006 - Beware of Phishing Emails from CUNA, Visa, and Mastercard
We have recently received reports of fraudulent emails that appear to originate from the Credit Union National Association (CUNA), Visa, and Mastercard. The email claims that because of a recent phishing attack and identity theft, CUNA and the card companies have temporarily deactivated the recipient's debit card tied to a credit union account. It then asks the recipient to "reactivate" the debit card at the CUNA website and specifies separate links depending on whether the card is from Visa or MasterCard. Of course, the phish asks for the card number, a ploy to gather information that possibly could be used for identity theft or fraudulent transactions. Do not submit your information.
05/30/2006 - U.S. Department of Veteran Affairs Notes Possible Compromise of Electronic Data
On May 22, 2006, the U.S. Department of Veteran Affairs (VA) published a notice that electronic data on approximately 26.5 million veterans and some spouses may have been compromised. The VA is working closely with numerous government agencies to ensure that veterans and their families are protected against any possible misuse of that data. For additional information on this security incident, please refer to the VA web site at www.va.gov.
Veterans may call 1-800-FED INFO (1-800-333-4636) from 8 am to 9 pm (EDT) Monday through Saturday to get information about this situation and to learn more about consumer identity protections.
05/11/2006 - New Twist on Phishing Combines Email and Telephone
An email security company has recently reported that it has seen email messages sent that warns the recipient that there is some problem with his or her bank account. Instead of being asked to click on a link that takes them to a website where they will be asked to provide personal information, these new emails ask the recipient to call a phone number to resolve the problems. There is a voice response system at that phone number which identifies itself as the recipient's bank and requests his or her account number and PIN. Do not call phone numbers sent to you in an email from a financial institution. Always check the numbers from a trusted source, such as the back of your credit card, an account statement, or on the institution's website.
05/03/2006 - Beware of Emails from CreditUnions.com
CreditUnions.com reports that it has come to their attention that some credit union members have received the fraudulent e-mail below, soliciting recipients for personal information including name, phone, e-mail and credit card information. If you should happen to receive an email like this, DO NOT share any personal information. Neither Allegacy nor CreditUnions.com will ever ask for any personal credit card or financial information via e-mail. Neither CreditUnions.com nor its vendor partners are affiliated with this phishing scam.
The email reads:
 CreditUnions.com Inc, Online® Services - Security Notice
You have received this email because you or someone had used your account from different locations or you or someone failed to login for several times. For security purposes we are required to open an investigation into this matter and lock your account.
In order to unlock your online account, we require that you confirm some of your online account details. To help speed up this process, please access our website following the link bellow. This way we can complete the verification of your CreditUnions.com Account and have your account unlocked.
Please Note: If we do no receive the appropriate account verification within the next 48 hours, your account will remain locked and then suspended. The purpose of this verification is to ensure that your account has not been fraudulently used and to combat the fraud from our community.
We appreciate your support and understanding and thank you for your prompt attention to this matter.
03/22/2006 - IRS Warns Consumers About Phishing Email
A recent uptick in identity-theft scams use the IRS’s name to garner people's personal information.
The IRS reports that fraudsters are sending messages to individual taxpayers inviting them to go online and verify personal information in order to get a refund. According to the IRS, Treasury’s inspector general for tax administration found 12 Web sites hosting the phish schemes in 11 countries.
The IRS has an alert on its Web site warning consumers about the scams. Phish e-mails may appear to be from addresses like tax-refunds@irs.gov, admin@irs.gov or other variations of e-mail addresses with irs.gov at the end. People who click on these links will end up on a copy of the IRS’s Web site, but it prompts visitors to provide personal and financial information that the IRS’s own interactive page does not require.
In another scam, non-residents receive a bogus IRS letter and Form W-8BEN, which is a form that financial institutions use to establish appropriate tax withholding for foreign individuals. The bogus letters ask recipients to provide personal information such as account numbers, personal identification numbers, mother’s maiden name and passport number. The IRS says the legitimate W-8BEN does not seek any of this information.
02/17/2006 - Beware of Emails from CUNA
We have recently received reports of fraudulent emails that appear to originate from the Credit Union National Association (CUNA). Some of these emails indicate that your card skimming devices have been captured from gas stations and ATM locations and that they have reason to believe that your personal information may have been compromised. The email includes a link that directs the recipient to a web page that requests for the recipient to confirm their Credit Union Debit Card information. Do not submit your information.
 
Sample screenshots of fraudulent CUNA email and fraudulent CUNA web site.
02/07/2006 - Beware of Questions from eBay Members
The latest Internet phishing scam preys on active eBay users. Scammers are sending emails that appear to come from eBay and indicate that another eBay user is asking them for more information about a product they are selling, that the recipient has won an eBay auction and has not yet paid, or that the recipient has not yet shipped an item that someone else won. The emails look very official but the links in the email direct the recipient to a fraudulent web site that looks like eBay's web site but in reality is set up only to capture their eBay log-in information.
If you should receive emails that appear to be questions or comments from other eBay users, please do not click on the links in the emails, but rather type "www.ebay.com" in your browser's address bar, sign-in to your eBay account, and respond to any messages by using the options in the "My eBay" section.
01/23/2006 - US Government Provides Practical and Fun Security Information
The web site OnGuardOnline.gov provides practical tips from the federal government and the technology industry to help you be on guard against Internet fraud, secure your computer, and protect your personal information. Topics include: Identity Theft, Spyware, Phishing, Spam Scams, Online Shopping, P2P File-Sharing, and Voice over IP. There is a wealth of information, quizzes, videos, other resources to make learning easy and fun. They even offer a Spanish language version.
|
