Fraud and High Risk Alerts
HOME DEPOT COMPROMISE ALERT
On September 8th 2014 Home Depot confirmed its payment data systems had been breached.
This breach could potentially impact customers using payment cards at its U.S. and Canadian stores. There is no evidence that the breach has impacted stores in Mexico or customers who shopped online at HomeDepot.com. The timeline for this breach is April 11th to September 7th 2014.
The Credit Union has been notified of potentially compromised cards, but we have not yet experienced any fraud from this compromise. We are in the process of determining how best to protect those cardholders.
As always, PLEASE, monitor your accounts and immediately report any unauthorized or suspicious activity on your account. You, are the best defense against fraud!
Home Depot is offering services for those affected. See below.
“The Home Depot is offering free identity protection services, including credit monitoring, to any customer who used a payment card at a Home Depot store in 2014, from April on. Customers who wish to take advantage of these services can learn more at www.homedepot.com or by calling 1-800-HOMEDEPOT (800-466-3337).
Albertson’s and Supervalue Hacked
The chains announced the data breach Friday morning. The massive hack impacts their umbrella of stores, as well which includes Albertson's Acme, Jewel-Osco, Shaw's and Star Market supermarkets, as well as SuperValu's Cub Foods, Hornbacher's, Farm Fresh, Shop 'N Save and Shoppers Food & Pharmacy. It is believed all Albertson's stores in Southern California, Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and Southern Utah could be affected. The dates of the compromise appear to be June 22 through July 17.
The Idaho-based company says it has not determined that any cardholder data was stolen and has no evidence of misuse of any such data. Albertson’s officials say they believe the breach has been contained. SuperValu said the virtual break-in affected credit cards swiped at 228 stores.
Please review your credit and debit accounts if you shopped at these stores during the above dates monitor your account for any fraudulent purchases. Contact us with questions or if fraud has occurred on your account.
August 15, 2014
Report of Passwords Compromise
There has been a reported discovery that a Russian crime ring has collected 1.2 billion user-name and password combinations. The massive hacking involves confidential material from 420,000 websites, according to the security firm Hold Security. What should you do? At the very least, you should change your passwords for sites involving sensitive information, including financial, credit card and health information.
Here are several helpful ways to increase your online security in the face of these and other threats...
- Set an alert on your home banking to notify you anytime you or anyone else logs into your home banking account. To accomplish this sign on and go to Online Services and select Member Alerts. You will find this selection there along with many others.
- Change your passwords frequently.
- Create unique passwords. Don’t use 12345, your middle name, your mother’s maiden name etc. as these are easy to discern or to find in a search.
- Don’t use the same password for all your online passwords.
April 11, 2014
DATA COMPROMISE – HEARTBLEED
Our credit union home banking site was determined NOT to be compromised nor have we found any areas of operation to be affected.
An OpenSSL vulnerability was recently discovered that can potentially impact internet communications and transmissions that were otherwise intended to be encrypted. According to open source reports, the vulnerability has existed since 2012, but was only recently discovered. Many vendors have already begun issuing patches and have information posted on their websites and portals addressing the vulnerability and a plan of action. For example, as of 9 April 2014 entities like Google, Facebook, and Yahoo implemented patches to fix the vulnerability. Additionally, web browsers Firefox, Chrome, and Internet Explorer on Windows OS all use Windows cryptographic implementation, not OpenSSL, so they are not impacted; however, consumers should still use caution until the vulnerability has been fully addressed.
- Changing passwords is strongly recommended, but only after the vulnerability has been fully addressed.
- Changing passwords before the vulnerability is fixed could still leave consumers vulnerable.
- Closely monitoring email accounts, bank accounts, social media accounts, and other online assets are strongly recommended.
- Once the vulnerability has been addressed, ensuring that visited websites requiring personal information such as login credentials or credit card information all are secure with the HTTPS identifier in the address bar
December 19, 2013
December 16, 2013
December 6, 2013
New Fraud Alert!
December 6, 2013
If you receive a call informing you that your credit/debit card
has been compromised and asking you to report your card number
along with personal information...
Hang up and do not give out any personal information!
DO NOT GIVE YOUR INFORMATION.
THIS IS A SCAM!
We at Unified People's are the only ones that can block your debit card.
Please call Unified People's if you have any questions.
Sept. 20, 2013
Sept. 18, 2013
FRAUD ADVISORY FROM CHEYENNE LIGHT, FUEL & POWER
Cheyenne Light, Fuel & Power received a report today of yet another scam involving unknown parties impersonating Cheyenne Light personnel and demanding money.
According to the report, the fraudulent caller tells CLFP customers their electricity will be disconnected if they don’t pay a specified amount by purchasing a pre-paid visa card. The fraud then tells the customer they would pick up the cash card at the customer’s home.
The Cheyenne Police Department is aware of this scam. If you suspect fraud, immediately contact local law enforcement. If you have concerns or questions about Cheyenne Light employees, call Cheyenne Light at 866-264-8003
It’s important to know that scammers can cause caller ID displays to mimic legitimate companies, making it appear as if the call is legitimate.
These scams often start with different stories and can involve any utility provider or other type of business. Regardless, the way to avoid falling victim is usually the same:
- Do not provide your Social Security number, credit card numbers, or bank account information to anyone who requests that information during an unsolicited phone call or an unannounced visit.
- If someone calls claiming they represent your local utility provider and they demand immediate payment or personal information, hang up and call the customer service number on your utility bill. Do not give in to a high-pressure call seeking personal information.
- Never allow anyone into your home for an unannounced visit to check your electrical wiring, cable or phone lines, natural gas pipes, or your appliances unless you have scheduled an appointment or are aware of a confirmed problem. Anytime a utility employee arrives at your door, require the employee to produce proper identification, and do not hesitate to confirm the visit with the utility company via a phone call before permitting any access to your property.
- Cheyenne Light employees carry company-issued photo identification at all times and would be happy to have you contact our customer service number listed to verify their identity.
September 3, 2013
July 9, 2013
RISK ALERT – FBI Indicates that Spear-Fishing Attacks are on the Increase
The complete story is posted at: http://www.ic3.gov/media/2013/130625.aspx
- Online businesses, including credit unions and merchants will not ask for personal information, such as usernames and passwords, via e-mail. When in doubt call the credit union or company directly.
- Avoid using the telephone number contained in the e-mail, which is likely to be fraudulent as well.
- Avoid following links sent in e-mails, from a business or credit union advising that your account information needs updated.
- Keep your computer’s anti-virus software and firewalls updated.
- If you believe you may have fallen victim to a spear-phishing attack, file a complaint with the FBI’s Internet Crime Complaint Center at www.ic3.gov/.
Vendini Inc. an event ticketing company nationwide was hacked in late March, they relay that the criminals may have accessed “... personal information, such as name, mailing address, email address, phone number, and credit card numbers and expiration dates that belong to our consumer-patrons.” Vendini provides box-office and online ticketing services to hundreds of Vendini members, which include tour, casino, sports, arts, and entertainment venues and promoters across the U.S. and Canada.
If you have used your card with this vendor please keep an eye on your account or come into the credit union for a new card. Vendini will not contact you for information so as usual do not give out any information about your account or card numbers. Internet banking is the best way to monitor your account.
- If you are a consumer-patron of Vendini, and you wish to learn more about this incident, please http://www.vendini.com/info/ or contact them toll-free at 1-800-836-0473.
- If you are a Vendini member, please contact your member advocate, or Vendini toll-free at 1(800) 901-7173.
May 17, 2013
New Fraud Alert!
If you receive an email regarding your Visa debit card being blocked or a message from Wal-Mart and they direct you to go to the provided web page...
DO NOT GO!
DO NOT GIVE YOUR INFORMATION. THIS IS A SCAM!
Even though the web pages look very real they are not!
We at Unified People's are the only ones that can block your debit card. This is a highly technical scam group that is stealing your financial information.
Please call Unified People's if you have any questions.