Security

Alert 09/04/14

Home Depot Card Breach.

On Tuesday, September 2, 2014 Home Depot announced that it was investigating reports implicating that customer credit and debit card data was stolen from its systems. The data breach itself and the period the data was reportedly exposed has not been confirmed. The company said it was working with law enforcement authorities and its partner banks.

Please know that Financial Resources has conducted an initial review of our entire card database and will be monitoring all accounts and activity closely for any potentially compromised cards or fraudulent activity. We encourage you to monitor your account and if you believe any activity to not be legitimate please notify us as soon as possible so we may work with you to implement further protective measures. We will provide members with further updates as we obtain more specific and confirmed information.

As a reminder Financial Resources’ members can easily monitor their accounts with online banking and mobile banking as well as receive text message alerts related to account activity. If you do not have online or mobile banking, signing up is quick and easy.

If you have any questions or concerns, please call us at 800-933-3280 or email us here.

 

Alert 08/28/14

Internet Banking not impacted by recent hack of JPMorgan and other banks.

We take security threats very seriously and prioritize the security of your account information and credentials. You may have heard about the recent cyber-attack against JP Morgan and other banks. Our online banking vendor has strong security measures in place to prevent our vulnerability to attacks like this.

 

Alert 08/18/14

Spoofed e-mail address being used fraudulently in a phishing campaign

Emails are being sent to random internet users who may or may not be Internet banking customers using the spoofed address support@digitalinsight.com. These emails are not legitimate communications from Digital Insight. Attached to the message is a zip file containing a malicious executable file that looks like a PDF document that infects the user's computer with malware.

Sample fraudulent email:

Incoming Transactions Report
An incoming money transfer has been received by your financial institution and the funds deposited to account.
Initiated By: Fiserv Inc.
Initiated Date & Time: Fri, 15 Aug 2014 23:00:11 +0700
Batch ID: 976
Please view the attached file to review the transaction details.

How can you protect yourself against this and other phishing attacks?

• Install an antivirus app on both your personal computer and your mobile device and keep it updated.
• Do not click on attachments in suspicious emails.
• Perform regular backups of data.
• Don't view or share personal information over a public wi-fi network.

 

Alert 08/08/14

Russian Hackers Steal 1.2B Passwords

We take security threats very seriously and prioritize the security of your account information and credentials. You may have heard about the recent theft of 1.2 billion user name and password credentials by a Russian crime ring. Our online banking vendor has strong security measures in place to prevent our vulnerability to this attack.

 

Alert 08/1/14

IRS Warns of Pervasive Telephone Scam

As the 2014 filing season nears an end, the Internal Revenue Service today issued another strong warning for consumers to guard against sophisticated and aggressive phone scams targeting taxpayers, including recent immigrants, as reported incidents of this crime continue to rise nationwide. These scams won’t likely end with the filing season so the IRS urges everyone to remain on guard.
The IRS will always send taxpayers a written notification of any tax due via the U.S. mail. The IRS never asks for credit card, debit card or prepaid card information over the telephone. For more information or to report a scam, go to www.irs.govand type "scam" in the search box.

People have reported a particularly aggressive phone scam in the last several months. Immigrants are frequently targeted. Potential victims are threatened with deportation, arrest, having their utilities shut off, or having their driver’s licenses revoked. Callers are frequently insulting or hostile - apparently to scare their potential victims. Potential victims may be told they are entitled to big refunds, or that they owe money that must be paid immediately to the IRS. When unsuccessful the first time, sometimes phone scammers call back trying a new strategy.

Other characteristics of this scam include:

  • Scammers use fake names and IRS badge numbers. They generally use common names and surnames to identify themselves.
  • Scammers may be able to recite the last four digits of a victim’s Social Security number.
  • Scammers spoof the IRS toll-free number on caller ID to make it appear that it’s the IRS calling.
  • Scammers sometimes send bogus IRS emails to some victims to support their bogus calls.
  • Victims hear background noise of other calls being conducted to mimic a call site.
  • After threatening victims with jail time or driver’s license revocation, scammers hang up and others soon call back pretending to be from the local police or DMV, and the caller ID supports their claim.

If you get a phone call from someone claiming to be from the IRS, here’s what you should do:

  • If you know you owe taxes or you think you might owe taxes, call the IRS at 1.800.829.1040. The IRS employees at that line can help you with a payment issue, if there really is such an issue.
  • If you know you don’t owe taxes or have no reason to think that you owe any taxes (for example, you’ve never received a bill or the caller made some bogus threats as described above), then call and report the incident to the Treasury Inspector General for Tax Administration at 1.800.366.4484.
  • If you’ve been targeted by this scam, you should also contact the Federal Trade Commission and use their “FTC Complaint Assistant” at FTC.gov. Please add "IRS Telephone Scam" to the comments of your complaint.

Taxpayers should be aware that there are other unrelated scams (such as a lottery sweepstakes) and solicitations (such as debt relief) that fraudulently claim to be from the IRS.
The IRS encourages taxpayers to be vigilant against phone and email scams that use the IRS as a lure. The IRS does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels. The IRS also does not ask for PINs, passwords or similar confidential access information for credit card, bank or other financial accounts. Recipients should not open any attachments or click on any links contained in the message. Instead, forward the e-mail to phishing@irs.gov. More information on how to report phishing scams involving the IRS is available on the genuine IRS website, IRS.gov.

 

Alert 06/18/14

Information about Svpeng and Dyreza Mobile Banking Malware

Recently a mobile banking security threat was discovered. As with any security issue, your security is our top priority. We do not believe our applications are vulnerable at this time and are working with our vendor to understand scope and impact of this new threat.

What is Svpeng?
Svpeng is a new malicious malware, ransomware app for Android devices. Svpeng searches for specific mobile banking apps on the device, then locks the device and demands money to unlock it. In the U.S., Svpeng breaks into a mobile device through a social engineering campaign using text messages. Svpeng capabilities include:
 

  • Spoofing legitimate banking applications
  • Stealing personal banking information
  • Capturing user input, including passwords
  • Sending SMS messages to premium numbers without user’s knowledge resulting in charges
  • Stealing SMS messages
  • Stealing contact information and pictures
  • Tracking user location

What is Dyreza?
Dyreza or “Dyre” is a new family of banking malware that redirects the traffic to malicious servers, while end users think they have a secure connection with their legitimate online banking site. Dyreza is spread through spam e-mail messages such as "Your FED TAX payment ID [random number]" and "RE: Invoice #[random number].” These messages contain a “.zip” file often hosted on legitimate domains, to minimize suspicion.

Opening this file infects the computer with the malware. Using a technique called “browser hooking” Dyrezea views unencrypted web traffic in the Internet Explorer, Chrome and Firefox browsers and captures an end user’s credentials by sending the user to malicious servers, while the end user thinks they are securely connected to their financial institution’s legitimate website.

Is my iPhone vulnerable to Svpeng and Dyreza?
iPhones and Android devices use different operating systems. Svpeng specifically targets the Android operating system. Dyreza does not target mobile devices; it exploits Internet Explorer, Chrome and Firefox browsers.

We recommend end users employ security best practices to proactively mitigate this threat including:
 

  • Installing an antivirus app and keeping it updated
  • Avoiding installing Android apps from third-party websites or unreliable sources
  • Reading the permissions requested by every application before installing
  • Performing regular backup of data stored in Android devices
  • Protecting devices with a password
  • Not viewing or sharing personal information over a public Wi-Fi network
If you have a specific concern regarding your account, please contact Financial Resources at 1.800.933.3280.
 
 

Fraud Prevention & Security Center

Identity theft is an increasingly common and inventive federal crime. Fortunately, there are many preventative measures you can take to substantially reduce the chance of identity theft occurring, as well as steps you can take to minimize damage if you are a victim. Click here to learn more about the preventative measures you can take.

 

Debit Card Protection

In our ongoing efforts to protect our members from Debit card fraud, we may require you to use your PIN when performing certain transactions at major retailers. The PIN provides an extra layer of security when using your Debit card, and allows us to better determine whether a transaction is legitimate or fraudulent. If you have any questions regarding these requirements please contact us at 800-933-3280.

 

If you think you've been a victim of fraud, tell a Credit Union Representative by visiting a branch or calling 800.933.3280, press 4.

Important Resources on Identity Theft:

Click on this link from the Federal Trade Commission (FTC), a National Resource for Identity Theft:

http://www.ftc.gov/bcp/edu/microsites/idtheft/.

Click on this link from The New Jersey State Police for additional information on Identity Theft:

http://www.njsp.org/tech/identity.html.

Click on this link from the Internet Crime Complaint Center to file a complaint with the federal government:

http://www.ic3.gov/