UPDATE 7/19/2010

PHISHING EMAILS & PHONE CALLS

PLEASE BE AWARE: We have been made aware of an email message and some phone calls that some members and non-members have recently received from a source posing to be Heritage Valley. Both the email message and phone call requesting personal account information is a phishing scam attempting to obtain your account information. A copy of the email is below. Do not click on the link as it leads you to a site which is not heritagevalleyfcu.org. If you receive a phone call saying that your Heritage Valley credit card has been deactivated and need to enter your card number to reactivate, DO NOT give out your information, it is as scam. Both the email and phone call is an attempt to steal member’s information. If you have responded to either of these inquiries, please contact us immediately at (717)840-4981 so that we may ensure the protection of your account. Also, if you have the phone number that the phone call came from, please contact us so that we may investigate it further. At this point, we do not know the source of the calls. Thank you.
 - Jeremey M. Sterner, VP Information Technology
 
Copy of SPAM email from address custmr.inf@hvfcu.org
 
Dear Heritage Valley FCU Customer,
We found some issues on your account.
Please review your account profile as soon as possible.
http://www.heritagevalleyfcu.org
Copyright © 1998-2006 Cavion, LLC. All Rights Reserved.

 
Tips to protect yourself from phishing scams…
Never reply to unsolicited messages or click on any links in messages no matter how legitimate they look, unless you are absolutely certain of the source and legitimacy. Don't do it even if they appear to have part of your information already, such as an account number (this is a popular phishing technique). Always go to the website by typing in the address or through a bookmark. If appears to be from a financial institution, call using the phone number on a recent statement and verify the request.

Don’t be fooled by an email that looks legitimate or appears to link to a genuine website. If you think the email may be genuine, ALWAYS contact your financial institution to confirm an email’s legitimacy before replying. Your best defense is to delete the email right away.

• NEVER send money or give credit card or online account details to anyone you do not know and trust.
• Do not give out your personal, credit card or online account details over the phone unless you made the call and know that the phone number came from a trusted source. If someone calls you, don’t be afraid to ask to call them back and then call from a trusted and known number to verify you know who is calling.
• Do not open suspicious or unsolicited emails (spam)—ignore them. You can report spam to us at info@heritagevalleyfcu.org. If you do not wish to report the message, simply delete it.
• Do not click on any links in a spam email or open any files attached to them.
• Never call a telephone number that you see in a spam email or SMS.
• If you want to access an internet account website, use a bookmarked link or type the address in yourself—NEVER follow a link in an email.
• Check the website address carefully. Scammers often set up fake websites with very similar addresses.
• Never enter your personal, credit card or online account information on a website if you are not certain it is genuine.
• Never send your personal, credit card or online account details through an email.
• NEVER give your personal or bank account details to people you don’t know and trust.

For more tips and information on how to keep yourself and your computer safe online, check out our Identity Protection page and regularly check out this Security Alerts page.

Finally, please report any suspicious emails involving your Heritage Valley account to info@heritagevalleyfcu.org. Our number one goal is keeping your information protected. Questions or concerns, please contact us at (717)840-4981.

UPDATE 1/22/2010

Computer Virus Alert!: ZueS/Zbot Trojan - This could affect your computer.

Due to the rise in the number of affected computers by a new virus known as ZeuS or Zbot Trojan, We wanted to remind you will NEVER ask for your credit card number, full Social Security number or account number to verify your identity. If you ever receive a computer screen that asks for any of these items of information, DO NOT comply with the request, close your Internet browser and call us at the number below. Please make sure your anti-virus software is up to date to prevent against these viruses.

What makes this new virus so dangerous is that it can imitate many of the security features legitimate Websites typically use to alert a visitor that they are viewing a secure page. If affected by this virus, you might be directed to a false Web page that looks similar to one you intend to visit, including actual images and similar page design. The virus is commonly called “Zeus” and is relatively new. This is what the Times of London has written about the virus:

The virus bypasses security safeguards to record online bank account details, passwords and credit card numbers. It also copies passwords for social networking sites before causing each computer to forward the data to servers under the control of the hackers. It has emerged in several guises, including a false Facebook page that encouraged users to download a software update.”

How It Works

Once your computer is infected with the “Zeus” virus, it waits for your Internet browser to request a secure online banking page. It then redirects your browser to a false site that includes “screen shots” of the legitimate site so that the user suspects nothing is wrong. The false site may include a secure sign in block that, when used, prompts the user for Multi-factor Authentication information much the same way that a legitimate secure site often will. At this point the false site is attempting to get the user to enter personal information such as a credit card number, expiration date, PIN number, etc.

What should you do if you encounter similar screens when attempting to log in to HV@Home Online Banking? Please DO NOT enter any personal information. Close your browser and contact us immediately at (717)840-4981. To protect you from this and other viruses, please make sure your anti-virus software is up to date regularly. Once your anti-virus software is updated, please be sure to run a system scan.

*For more information and additional resources on how to keep your information safe, please visit our Identity Protection page and continue to check this page regularly for updated alerts and information.