Fraud Information Center

Fraud Information Center

Contact Us

Fraud Information Center

Security Awareness: WannaCry ransomware

Friday of last week brought one of the most significant malware outbreaks that the world has seen in the past few years. This type of malware – known as ‘ransomware’ (because it encrypts all of the target’s data and only releases a decryption key once a ransom is paid) is able to spread from one computer to another inside home, work, or government networks.

  • How does it get on my computer or into an organization?
    • The most common way that this malware (WannaCry) gets in is through email that lures people into clicking on links to compromised sites that push malware onto their machines. Be sure to exercise extreme caution and do not click on links from unknown sources.
       
  • What makes it so dangerous?
    • WannaCry is a particularly virulent form of ransomware. In addition to encrypting files of the user who clicked on the email, it takes advantage of unpatched operating system vulnerabilities to actively spread from computer to computer, greatly expanding the reach of its attack.
       
  • How do I keep myself safe from it?
    • ***On your personal computers, be sure that your antivirus software and operating systems are up to date with the latest patches***
    • Exercise extreme caution when clicking on links included in emails from unknown sources
    • Do not use computers that have operating systems which no longer receive security support from manufacturers (Windows Vista and older for PC’s)
    • Make a backup of your sensitive data in a secure offline storage, like an external hard drive or a secure cloud backup solution. (note that the ransomware cant encrypt data that it can’t access)

Fraudulent Advertisement Requesting Information – September 30, 2016

Recently, some Triangle Credit Union members and non-members, have received fraudulent emails claiming that Triangle Credit Union is conducting a talent search for advertising. The email includes the history of the credit union, a target audience of “female models within the ages of 22-30,” and requests personal information including date of birth and photos.

The importance of educating our members regarding these types of scams and potential security risks is paramount.

Ways to protect your email:
1. Follow strong password guidelines (Examples)
2. Use encryption when available
3. Never give out your login credentials
4. Never email sensitive information without a secure portal


If you receive an email similar to what is described, please refrain from clicking any links that may be included and immediately notify Member Services at 603-889-2470, through secure email, or by chat within online banking.  Remember that no one should ask you for passwords, PIN’s, debit card numbers or other unrelated non-public information. If you have any questions or concerns, please do not hesitate to contact us at 603-889-2470.
 

NCUA Warns of Text Phishing Scam - August 23, 2016

The National Credit Union Administration has received consumer calls about a suspicious text message claiming to come from the agency.

The message reads: “National Credit Union Administration Alert for (recipient's phone number). Contact 844-234-5445.”

This is not a communication from NCUA. The agency does not seek personal information through the internet or on the telephone.

Please contact NCUA's Consumer Assistance Center at 1-800-755-1030 between 8 a.m. and 5 p.m. Eastern if you receive one of these messages. NCUA also recommends contacting your credit union and local law enforcement.

You may also contact the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center.

NCUA operates an online Fraud Prevention Center that offers information about avoiding frauds and scams on its MyCreditUnion.gov website.

If you suspect you may have become a victim of identity theft as a result of this scam, you should immediately contact the three major credit bureaus and request a fraud alert be placed on your credit report: Equifax (888-766-0008), Experian (888-397-3742), and TransUnion (855-681-3196). Please remember that if you have a “Better Checking” account with Triangle Credit Union, you have valuable resources available to you to assist with these types of issues. You should contact any of our locations to discuss your options.
 

Fraudulent Credit Card Phone Calls – July 15, 2016

Recently, some Triangle Credit Union members, as well as non-members, have received fraudulent phone calls from a “law firm” claiming to represent Triangle Credit Union regarding their Credit Cards. The fraudsters state that credit card payments are past due and threaten to serve court documents if payment is not made immediately over the phone. There is no caller-ID information.

If you receive a call similar to what is described, please collect any Caller ID information that might be available and immediately notify Triangle Member Services at 603-889-2470 or through a secure email or chat within online banking at trianglecu.org. Remember that no one should ever ask you for passwords, PIN number, credit card number or other unrelated non-public information.

If you have any questions or concerns please do not hesitate to contact us at 603-889-2470.

 

Consumer Alert: ATM Card Skimming Frauds on the Rise - May 18, 2016

Deputy Banking Commissioner Ingrid E. White and Attorney General Joseph A. Foster urge New Hampshire consumers to be vigilant following a concerning increase in Automated Teller Machine ("ATM") card skimming frauds. ATM card skimming fraud involves the attachment of electronic devices on or around an ATM to illegally collect data from the magnetic strip of the card, while hidden cameras are also installed to capture the personal identification number entered by the customer. These electronic devices used to capture the information vary in design, size, and shape, and look similar to legitimate devices. Card skimming is an industry-wide issue and not unique to one type of ATM. Therefore, consumers should monitor their accounts and report suspicious activity.

How to reduce the chance of becoming a victim of ATM card skimming:

If you become a victim of ATM card skimming, you should:

www.Equifax.com 1-800-766-0008
www.Experian.com 1-888-397-3742
www.TransUnion.com 1-877-322-8228

Consumers can file a complaint with the Attorney General’s Office at http://doj.nh.gov/consumer/complaints/index.htm or by calling the Consumer Hotline at 1-888-468-4454

Consumers can contact the New Hampshire Banking Department at (603) 271-3561 or http://www.nh.gov/banking/index.htm for more information

Important Announcement from the Nashua Police Department: Beware of Phishing Scams – February 12, 2016

The Nashua Police Department has asked for the Greater Nashua Chamber of Commerce's help in spreading the word. There are currently a series of different phishing scams that are wrecking havoc on legitimate businesses in our community. Educating yourself and your employees, and ensuring that you have a safe and secure email service are just the tips of the iceberg in ensuring your organizations safety. We encourage all our members, and all business professionals in the community to take a look at the attached information and please make sure that you and your organization do not become victims of these malicious attacks.

Notice from the Nashua Police Department
Notice from the FBI

Fraudulent Debit Card Phone Calls – January 26, 2015

Recently, some Triangle Credit Union members, as well as non-members, have received fraudulent phone calls claiming their Triangle Debit Cards have been deactivated. The caller-ID on these phone calls indicate various numbers; some look like legitimate 1-800 numbers, others do not resemble a phone number. The caller then asked the end user to “Give account number to be reactivated” or to call another number to reactivate their card.

These incidents typically happen on weekends or holidays when members have fewer options to validate the issue. If you receive a call similar to what is described, please collect the information (the Caller ID number, additional phone numbers supplied during the call, etc.) and immediately notify Member Services at 603-889-2470 or through a secure email or chat within online banking. Remember that no one should ever ask you for passwords, PIN’s, debit card number or other unrelated non public information.

If you have any questions or concerns please do not hesitate to contact us at 603-889-2470.

Shellshock Vulnerability - September 26, 2014

Update Sept. 29th - Our primary vendors have performed an investigation and determined that we have no Bash interfaces exposed to the Internet. Triangle Credit Union and our vendors continue working with all third parties to confirm that they have patched their systems regarding the Shellshock vulnerability. We remain alert, our investigation remains open and we will continue to keep you informed as updates are available.

Sept. 26th - You may be hearing about the Shellshock vulnerability in the news. As with any security issue, your security is our top priority. We are working with our vendor to understand scope and impact of this new threat and take appropriate actions to mitigate the vulnerability as necessary.

Digital Insight name fraudulently used in phishing campaign - August 18, 2014

Triangle Credit Union partners with Digital Insight to offer our Online Banking services and we want to make our members aware of a current phishing campaign. Emails are being sent to random internet users using the spoofed address support@digitalinsight.com. These emails are not legitimate communications from Digital Insight or Triangle Credit Union. Attached to the message is a zip file containing a malicious executable file that looks like a PDF document that infects the user's computer with malware.

Sample Fraudulent Email

Incoming Transactions Report
An incoming money transfer has been received by your financial institution and the funds deposited to account.
Initiated By: Fiserv Inc.
Initiated Date & Time: Fri, 15 Aug 2014 23:00:11 +0700
Batch ID: 976
Please view the attached file to review the transaction details.

SQL Injection - August 7, 2014

We take security threats very seriously and prioritize the security of your account information and credentials. You may have heard about the recent theft of 1.2 billion user name and password credentials by a Russian crime ring. Our online banking vendor has strong security measures in place to prevent our vulnerability to this attack.

Heartbleed Bug – April 10, 2014

Update: 2:00pm ET, 4/10/14

Triangle’s vendors have discovered no vulnerabilities associated with the Heartbleed Bug. We will continue to monitor the development of the situation. As always, we suggest that our members update their passwords frequently to adhere to web-use best practices.

11:20am ET, 4/10/14

We are keeping a close eye on the "Heartbleed" bug you may have heard about. The vendor we use for Online Banking has completed a preliminary assessment and has not discovered any vulnerability. However, there are a number of ancillary services within your online banking experience that have not yet completed their assessment. We will be sure to keep you updated. Rest assured that we are doing everything we can to help ensure that your information is safe.

IRS Warns of Tax-time Scams - January, 2014

It's true: tax scams proliferate during the income tax filing season. This year's season opens on Jan. 31. The IRS provides the following scam warnings so you can protect yourself and avoid becoming a victim of these crimes:

For more about how to report phishing scams involving the IRS visit IRS.gov.

Here are several steps you can take to help protect yourself against scams and identity theft:

For more on this topic, see the special identity theft section on IRS.gov. Also check out IRS Fact Sheet 2014- IRS Combats Identity Theft and Refund Fraud on Many Fronts.

  • How does it get on my computer or into an organization?
    • The most common way that this malware (Wanna Cry) gets in is through email that lures people into clicking on links to compromised sites that push malware onto their machines. Be sure to exercise extreme caution and do not click on links from unknown sources.
    • What makes it so dangerous?
      • WannaCry is a particularly virulent form of ransomware. In addition to encrypting files of the user who clicked on the email, it takes advantage of unpatched operating system vulnerabilities to actively spread from computer to computer, greatly expanding the reach of its attack.
         
    • How do I keep myself safe from it?
      • ***On your personal computers, be sure that your antivirus software and operating systems are up to date with the latest patches***
      • Exercise extreme caution when clicking on links included in emails from unknown sources
      • Do not use computers that have operating systems which no longer receive security support from manufacturers (Windows Vista and older for PC’s)
      • Make a backup of your sensitive data in a secure offline storage, like an external hard drive or a secure cloud backup solution. (note that the ransomware cant encrypt data that it can’t access)
    • Check all ATMs and other card-reading devices before use. Signs of card skimmers include:
      • The ATM cover looks loose;
      • Scratches or sticky tape residue which might indicate a false ATM front;
      • A pinhole on the machine which could indicate a camera has been installed;
      • An extra keypad layered over the ATM’s keypad; and
      • Try jiggling the card reader – if it moves, it could be a card skimmer
         
    • Opt for ATMs inside buildings and in high traffic areas as these are harder for criminals to target
    • Cover the keys when entering your pin
    • If you have a choice, opt for credit (or using your debit card as credit) to prevent criminals from gaining access to your pin
    • Be more aware on weekends because criminals are more likely to install skimmers after a bank or credit union has closed, making it harder for consumers to report a problem
    • If an ATM looks suspicious in any way, don’t use it. Report it to the bank or police
    • Check your bank statement as soon as you receive it and report any suspicious entries to your bank or credit card company.
    • Contact your bank immediately to report any suspicious activity on your account
    • Continue to monitor you credit report – criminals may continue to use your information
    • Contact one of the three major credit bureaus to place a "fraud alert" on your credit records:
    • Be vigilant of any unexpected communication purportedly from the IRS at the start of tax season.
    • Don't fall for phone and phishing email scams that use the IRS as a lure. Thieves often pose as the IRS using a bogus refund scheme or warnings to pay past-due taxes.
    • The IRS doesn't initiate contact with taxpayers by email to request personal or financial information. This includes any type of e-communication, such as text messages and social media channels.
    • If you get an unexpected email, don't open any attachments or click on any links contained in the message. Instead, forward the email to phishing@irs.gov
    • Don't carry your Social Security card or any documents that include your Social Security number or Individual Taxpayer Identification Number.
    • Don't give a business your SSN or ITIN just because they ask. Give it only when required.
    • Protect your financial information.
    • Check your credit report every 12 months.
    • Secure personal information in your home.
    • Protect your personal computers by using firewalls and anti-spam/virus software, updating security patches and changing passwords for Internet accounts.
    • Don't give personal information over the phone, through the mail or on the Internet unless you have initiated the contact and are sure of the recipient.
    • Be careful when you choose a tax preparer. Most preparers provide excellent service, but there are a few who are unscrupulous. Refer to Tips to Help you Choose a Tax Preparer for more details