Our Security Center is full of helpful information about protecting the security of your accounts, personal information, home computer, and your identity.
‘Zelle Fraud’ Scam
Zelle is a popular “peer-to-peer” (P2P) payment serviced used by many financial institutions to allow their customers/members to send money to other people. Although EECU does not offer Zelle, we want you to be aware of this scam involving financial institutions that offer Zelle.
Victims receive a text message from the scammer that appears to be from their financial institution regarding a Zelle payment. After responding to the text message, they receive a call from the scammer that appears to be from their financial institution – the scammer has spoofed the phone number to make it appear as though the call is coming from their financial institution. They inform the victim that they can reverse the unauthorized Zelle transaction and all they need is the victim’s online banking user name so they can verify their identity.
Armed with the user name, the scammer then uses the Forgot Password feature to gain access to the victim’s online account. A one-time authentication passcode is sent as part of the Forgot Password feature, and the scammer asks them to read the code back. With the code, the scammer can now complete the password reset process, gain access to the victim’s online account, and transfer money out of the account using Zelle.
EECU and other financial institutions will never ask you for your online banking password, authentication passcodes, or other login specific information. If you receive a text message or call like this, do not give out your online banking credentials or account information. Do not reply; delete the message and hang up on the caller. Call your financial institution directly if you have questions about a transaction or account activity.
If you use Zelle, we encourage you to visit their website for resources and tips for safe payments using Zelle. https://www.zellepay.com/financial-education/resources-tips-safe-payments
Phone, text and email scams
Don’t rely on caller ID as verification of who is calling. Scammers can spoof phone numbers to make it look like the call is coming from your bank, Social Security Administration, the IRS, or another company. Call the company using the phone number on their website or an account statement to determine if the request is legitimate. Be very cautious of phone calls, texts and emails requesting your personal information, such as your debit or credit card number, Social Security number, password, account numbers and other personal information, and be sure to contact us if you fall victim to one of these types of scams
Coronavirus scams are on the rise. Learn how you can protect yourself from check relief scams, robocalls, fake texts and emails, malware, fraudulent donation requests, and more by visiting the Federal Trade Commission website. For up-to-date information about economic impact stimulus checks, visit the IRS website and select the Economic Impact Payment link.
Be very cautious of texts, emails and phone calls requesting your personal information, such as your debit or credit card number, Social Security number, passwords, account number and other personal information. EECU will never call, email or text you and ask for this information.
Gift Card Payment Scam
If you are asked to purchase a gift card to pay for something, it’s a scam. Anyone who demands payment by gift card is always a scammer. Read this Federal Trade Commission article about gift card scams for more information.
It is important to understand how to recognize internet scams. Internet crime schemes steal millions of dollars each year from unsuspecting victims. The Internet Crime Complaint Center is a great resource of information regarding Internet Crime. It has been established through a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).
Protect Yourself from Card Cracking Scams
Card cracking is a type of account fraud. Scammers promise money or some other form of payment in exchange for access to your account. You may be asked for your bank account information, debit card PIN, or online banking credentials. Once the scammer has access to your account they deposit fraudulent checks and then quickly withdraw the money at ATMs before the fake check(s) is discovered; they may give some of the cash to you. When the check bounces and causes your account to go into the negative because you gave the scammer your debit card, PIN, or online banking login, you are responsible for paying that money back.
Remember, if something sounds too good to be true it probably is. Never give your account credentials, debit card PIN or other personal information to someone else.
Protect Yourself from Ransomware Scams
Individuals and businesses have become targets to a growing online fraud scheme known as ransomware.
Ransomware is a form of malware used by cyber criminals to freeze your computer or mobile device, steal your data and demand that a “ransom” — typically anywhere from a couple of hundreds to thousands of dollars — be paid.
According to the FBI, ransomware victims lost more than $18 million between April 2014 and June 2015. Here are some tips to help you combat these malicious threats.
- Don’t click. Visiting unsafe, suspicious or fake websites can lead to the intrusion of malware. Be cautious when opening e-mails or attachments you don’t recognize even if the message comes from someone in your contact list.
- Always back up your files. By maintaining offline copies of your personal information, ransomware scams will have a limited impact on you. If targeted, you will be less inclined to take heed to threats posed by cyber criminals.
- Keep your computers and mobile devices up to date. Having the latest security software, web browser and operating system are the best defenses against viruses, malware, and other online threats. Turn on automatic updates so you receive the newest fixes as they become available.
- Enable popup blockers. To prevent popups, turn on popup blockers to avert unwanted ads, popups or browser malware from constantly appearing on your computer screen. Source: American Bankers Association
Phishing Email Scam Uses EECU Name
An email directed at consumers (not necessarily EECU members) is using the EECU name but is actually a phishing email – an attempt to get you to click a link and then enter your personal information. The email reads:
EECU Credit Union Service
Your Contact Information Has Been Updated
You have 1 new Security message from EECU Credit Union to view the update kindly click below.
As this e-mail is an automated message, we can’t reply to any e-mails sent by return.
Copyright (C) 2017
EECU Credit Union. EECU Credit Union Administrator Services
If you receive this email, DO NOT click the link or reply to the email. If you received this email and you clicked the link and provided your personal information, please call our Member Service Center immediately at 1-800-538-3328 or visit a branch and we will assist you.
Remember – EECU will never send you an email asking you to click a link to provide your personal information. For more information about how to spot and protect against a phishing email, read our Don’t Get Phished guide. If you receive a suspicious email, you may forward it to [email protected].
Phishing Text Requests Card Info
If you receive a text message requesting your debit/credit card PIN, card number, expiration date, etc. – DO NOT reply! This is a scam and an attempt to obtain your card information. Be very cautious of texts and emails requesting your personal information, and be sure to contact us if you fall victim to one of these types of scams.
CoreBot is a new InfoStealer malware
You may be hearing about the CoreBot malware in the news. As with any security issue, your security is our top priority. In order to minimize risk to CoreBot and other forms of malware, we recommend standard security best practices for all devices you use to access digital banking. These best practices include: Up-to-date malware (endpoint) protection software in addition to anti-virus software. Use a firewall when entering personal information. Use different passwords for each system/website accessed. Disabling AutoPlay to prevent the automatic launching of executable files. Do not open attachments unless you expect them.
Samsung Swiftkey Vulnerability
If you use a Samsung Galaxy phone, as a security best practice, we recommend that your device is configured to automatically receive the security update from Samsung once it is available. If you have questions about the security update, you should contact your carrier.> >We also recommend that you minimize the use of unsecure wireless networks for private information such as mobile banking until the security update is available.
Your security is our top priority. Our online banking vendor has confirmed that they are not impacted by Logjam. However, we recommend you follow best practices for safe web surfing including keeping up-to-date on security patches and current versions of your browser on your personal computer.
- Do not respond to emails (or open attachments) that suggest that you must act immediately or that the situation is so urgent that you must take action today or risk legal action. Some examples are notices from a government agency (courts, IRS, etc.) and shipment notices or invoices for things you haven't purchased. These types of emails are often the source of virus and worm infections.
- Keep virus software current on every computer, especially those you use to conduct financial transactions over the Internet.
- Keep computers patched with current Microsoft fixes, especially those you use to conduct financial transactions over the Internet.
Secret Shopper Scam
EECU Cashier's Checks Used In Secret Shopper Scam
Recently a group of fraudsters have created counterfeit EECU checks and are sending them to unsuspecting consumers.
These checks are fake. If you receive one of these checks, DO NOT CASH or DEPOSIT.
A sample of a fake check is shown below.
Online and mobile banking are part of daily life. Click on one of the links below to learn more about securing your devices, cyber-security, phishing and internet fraud, and more.
OnGuardOnline.gov provides tips from the federal government and technology industry to help you be on guard against Internet fraud and protect your personal information.
- Install mobile applications from trusted sources, and review the application vendor prior to download.
- Do not download software or applications from third-party application platforms or untrusted Web sites.
- Review application permissions during installation; ensure permissions requested are appropriate for the type of application being downloaded.
- Install and regularly update the Android operating system.
- Do not use jailbroken Android devices, as such devices will not receive automatic updates.
- Install and regularly update anti-virus or anti-malware software on Android devices.
- Do not open or click on hyperlinks in SMS, MMS, or e-mail messages from unknown or suspicious sources.
- Do not open attachments included in unsolicited e-mails.
- Consider downloading an ad blocker to enable the device’s browser to block advertisements and pop-ups.
- Use only secured wireless connections to access the Internet, taking extreme caution when accessing public Wi-Fi connections.
The information below will assist you in protecting yourself against fraud and identity theft. If you're a member of EECU and you feel that you have been a victim of identity theft, please contact us immediately. We can help you.
- Have your card ready before approaching the ATM. Memorize your PIN, never write it on the back of the card.
- Be extra cautious at night. Bring a friend whenever possible and always choose well-lit ATMs.
- Scan your surrounding area for suspicious activity. If for any reason you aren’t comfortable, report unusual activity as soon as possible and use another ATM location.
- Conceal the number pad with your body when entering your PIN so others cannot see your code.
- Take your transaction receipt.
- Do not provide information about your account or PIN to strangers, not even the credit union.
- Do not allow strangers to assist you while using an ATM.
- If you lose your card, your PIN is compromised, or you discover suspicious transactions on your monthly statement, notify the credit union immediately.
- Never count cash at the machine or in public. Wait until you are in your car or another secure place.
- If you are involved in a confrontation with an assailant who demands your money, COMPLY.
Mail Safety Tips
- If you do not have a mailbox with a lock, be sure to pick up your incoming mail every day. Or, consider using a P.O. Box.
- Take outgoing mail to the Post Office.
- Shred all offers of credit that you receive in the mail and do not plan to use. Never dispose of these items in the trash without first shredding them.
- Make a list of all bills and statements you receive and the dates you normally receive them. If you're expecting a bill and you do not receive it, contact the issuer right away.
Telephone Safety Tips
- Never give private information, such as social security number, account or credit card numbers, passwords, etc. over the phone unless you initiated the call.
- A credit union employee will not call you and ask you to provide sensitive account information. You may receive a call from someone claiming to be a credit union employee, and they may ask for your account information (such as your credit card number, account number, etc.). In some cases, the caller has already obtained one identifying piece of information (such as your Social Security Number) and will use this to persuade you that the call is legitimate and that you need to provide additional account information. Do not provide the caller with any sensitive or personal information. Remember - the credit union will not call you and ask for this information.
- Don't agree to any offer or prize where you have to pay a registration or shipping fee, or send money, to claim the "prize."
- Check out charities before you give. Ask for written information before you make a donation.
- Don't be pressured to make an immediate decision.
Password Safety Tips
- Never write your password/PIN down where someone can find it.
- Do not send your password or any other personally identifying information (i.e. social security number, account number, etc.) via e-mail.
- Avoid easy-to-guess passwords/PINs - like birthdays, anniversaries, phone numbers, names, etc. Use a combination of letters, numbers and symbols for passwords.
- Keep your password/PIN private.
Card Safety Tips
Security experts have reported an increase in card skimming, which is the illegal collection of your personal and account information from the magnetic stripe of a credit, debit or ATM card. Read our Financial Fraud Update – Card Skimming brochure to learn more about card skimming and what you can do to help prevent it from happening to you.
Identity theft occurs when someone uses your personal information to obtain access to your existing accounts, or open new accounts or credit lines in your name. Thieves may gain access to your personal information in a number of ways:
Personal information stolen from your purse or wallet
Home break in
Dumpster diving (stealing trash with personal information from a residential or business trash receptacle)
Personal information on your imprinted checks
Medical or school records that are accessed by an untrustworthy employee
Information you provide to a fraudulent telemarketer
Information you supply over the Internet
Thieves are also obtaining children’s Social Security numbers to commit identity theft. The Federal Trade Commission (FTC) provides helpful information about how you can safeguard your child’s information and help minimize their risk of identity theft. Click here to learn more.
Review our Identity Theft Toolkit to learn more about how to protect yourself.
Review the FTC Consumer Information related to Identity Theft
How to Report Fraud
Fraudulent emails and websites:
Suspicious online transactions:
(559) 437-7700 or 1-800-538-3328
Report a lost or stolen EECU ATM/Debit Card:
Within the U.S.
Outside of the U.S.
Report a lost or stolen EECU Visa Credit Card:
Within the U.S.
Outside of the U.S.
Call collect +1-303-967-1096