Current Threats

Malware

Malware is malicious software used by criminals to gain access to or damage your electronic device without your knowledge, usually for financial gain. Malware includes all types of unwanted software such as computer viruses, worms, trojan horses, spyware and adware. This software can create a pathway for criminals to obtain your personal information. You can protect yourself from malware attacks by regularly updating your security software and backing up your data and files to an external hard drive or reputable cloud storage provider on all your devices, including tablets, computers and smartphones.

Signs You Are a Victim of Malware

Malware attacks can occur on all kinds of devices and operating systems, including Microsoft Windows, macOS, Android and iOS. Malware protection programs don’t always stop every malware threat. Don’t assume that because you have malware software that you can’t become a victim. If you notice any of the following warning signs, malware may have compromised your device’s security:

• Popup advertisements begin appearing on your device
• Your browser gets redirected to a different site or a fraudulent site that looks like the real one you are trying to access
• You receive scary warnings about made-up threats which ask for payment to download and scan your device with a fake antivirus program
• You receive messages demanding payment before you can open your files
• Your system tools like Task Manager or Registry Editor become disabled

What to Do if You Are a Victim of Malware

If you are a victim of Malware, you will need to clean and secure all of your devices.

1. Disconnect your device from your network and close all programs.
2. Do NOT enter any usernames or passwords on your device.
3. Install or update the antivirus software on your device.
4. Scan your device for any virus, spyware, adware or other malware programs.
5. Update your computer’s operating system (e.g., Windows Update or MacOS update).
6. Install a firewall program.
7. If applicable, secure your wireless network.

Text Messaging Fraud – Smishing

Text messaging fraud, or “smishing,” is a type of scam that sends you a fraudulent text message attempting to get you to divulge your personal information, such as online passwords, card numbers and CVV2 codes, or your Social Security number (SSN).

Common scams may claim you will be charged for a service if you don’t click a link and enter your personal information or claim there is fraudulent activity on your account or card. The message will give the appearance that immediate attention is needed and may include a website address, a number to text a response, or a phone number to call. Once the scammer has your information, he or she can apply for new credit or make purchases in your name.

What to Do if You Are a Victim of Smishing

1. Do NOT reply to the message, click on any links, or dial any phone numbers.
2. If the message relates to your Credit Union account(s) or online access, forward a screenshot of the message, including the sender’s number and the body of the text, to notifyus@ncsecu.org so it can be researched.
3. Delete the message.

Email Fraud – Phishing

Email fraud, or "phishing," involves emails that appear to be from a legitimate source but are a criminal attempt to obtain your personal and/or account information. Phishing emails often provide a link that directs you to a fake website and prompts you to enter your personal information.

How to Recognize Phishing

Phishing emails will often look like they are from a company you trust, and the site they direct you to will look almost identical to the legitimate one. However, logos or fonts may not be consistent with those found in legitimate correspondence, or the email may use improper grammar or omit your name. Scammers try to trick you into clicking a link or opening an attachment by doing any of the following:

• Saying they’ve noticed suspicious activity or log-in attempts on your account
• Claiming there’s a problem with your account or payment information
• Saying you must confirm personal information or act immediately in some way or something bad will happen
• Sending a fake invoice
• Saying you’re eligible for a refund or coupon for free stuff

It is important to remember that State Employees' Credit Union never requests personal information from you via email, as email is not a secure method of communication. View an example of a recent phishing scam.

What to Do if You Are a Victim of Phishing

1. Do NOT click any links in or reply to a suspicious email.
2. Do NOT enter any requested information or open any attachments.
3. Contact your local branch or 24/7 Member Services at (888) 732-8562 immediately.
4. If the email relates your Credit Union account(s) or online access, forward it to notifyus@ncsecu.org so it can be researched.

If you responded to a phishing email or opened any attachments, update any compromised passwords and your security software and scan your device for possible malware.

Voice Messaging Fraud – Vishing

Voice messaging fraud, or "vishing," is facilitated through a Voice Over Internet Phone (VoIP) service that impersonates an individual or legitimate business to gain access to your personal and financial information. Scammers can spoof legitimate phone numbers and create fake caller ID profiles that lead you to believe the call is legitimate.

With this scam you may receive a call from an actual person or an automated recorded message that gives you a phone number to call back. The message will give the appearance that immediate attention is needed. The caller will pretend to be from a trusted source like the Credit Union or the Internal Revenue Service (IRS) and ask for your personal or account information, or they may say you’ve won a prize and ask for payment information for a redemption fee.

What to Do if You Are a Victim of Vishing

1. Do NOT answer calls from unknown numbers.
2. If you receive a voicemail from an unknown source, do NOT respond to the message in any way.
3. If the voicemail relates to your Credit Union account(s) or online access, contact your local branch or 24/7 Member Services at (888) 732-8562 immediately.
4. Delete the message.

If you answer a vishing call, don’t give in to pressure or panic. None of your sensitive data like passwords or account numbers can be transmitted simply through answering the call. If someone tries to coerce you into giving out this sensitive information, hang up and report the call immediately to either of the following:

• FTC online Complaint Assistant or call (888) 382-1222
• FBI Internet Crime Complaint Center

It is important to remember that State Employees' Credit Union never reveals account information in voicemail messages, and will not ask you to verify your identity with account numbers, passwords or card PINs.

Online Auction or Lottery Fraud – Wire Scams

Wire transfer fraud can occur when you sell items through an online auction service or if you are contacted by a fake lottery. In these scenarios, the scammer usually sends you a check for more than the amount you are expecting, and asks you to deposit the funds and wire back the difference. The check is typically returned to the Credit Union as fraudulent by the scammer’s financial institution, and your account is debited for the amount of the check.

For example, in a common online auction scam where you are selling merchandise through an auction site, the buyer sends you a check that is for more than the asking price. When you contact the buyer to let him/her know of the error, the buyer apologizes and states he/she sent you the wrong check. The buyer then asks you to deposit the check anyway and wire the extra funds back to a specific account.

In a lottery scam, you may be contacted via email, phone or regular mail by a scammer saying you’ve won a large sum of money. If you are contacted through regular mail, you usually receive a check for an amount larger than the winnings and are asked to wire the excess portion of funds back to the scammer for a processing fee. In email or phone scams, you are asked to wire the processing fee up front before you can receive any winnings.

Always remember that in a legitimate lottery, you must have purchased a ticket to participate, and any taxes or fees are deducted from the winnings.

What to Do if You Are a Victim of a Wire Scam

1. Do NOT wire funds to anyone as reimbursement for overpayment.
2. Do NOT deposit or cash any check sent to you.
3. Bring the check to your local branch for investigation and contact local law enforcement.

Fraudulent Webpages

Search engines, such as Google, Bing and Yahoo, are commonly used to find information on the Internet. However, the search engine does not necessarily know if webpages listed in your search results are legitimate or contain suspicious activity. Always be cautious when visiting unknown websites or viewing videos. If you visit a fraudulent webpage or video, you may unknowingly download malware to your computer and/or the page will request personal or financial information.

Look for the following before entering any sensitive information online:

• HTTPS in the URL – HTTPS is a secure version of HTTP (hypertext transfer protocol). Communication done through HTTP can be intercepted, manipulated or stolen. Never enter personal or financial information on an HTTP site.
• Padlock icon or Green Address Bar/Extended Validation (EV) Name Badge shown in the address bar – Both of these icons indicate the website is using HTTPS and you have a secure connection.