UPDATE 11/22/2011

 Holiday Shopping Alert

As the holiday season approaches, it is important to be aware of potential scams. Con artists are working hard to get their hands on your member’s money as well as personal and financial information. To help reduce the risk and protect credit union members, we offer a list of potential scams along with tips for a safer and smarter holiday shopping season. For more information...

UPDATE 02/17/2011

PHISHING PHONE CALLS

PLEASE BE AWARE: We have been made aware of some phone calls that some members have recently received from a source asking for personal information including credit card number information. This phone call requesting personal account information is a phishing scam attempting to obtain your account information. If you receive a phone call saying that your rate can be lowered, your Heritage Valley credit card has been deactivated and need to enter your card number to reactivate, or are asked to give your card information for any other reason, DO NOT give out your information, it is a scam. These phone calls are an attempt to steal member’s information. If you have responded to any of these type inquiries, please contact us immediately at (717)840-4981 so that we may ensure the protection of your account. At this point, we do not know the source of the calls but are seeking to find and shutdown the source. Please remember, any trusted financial institution will not ask you for your card number and/or PIN. If you are unsure of a caller's authenticity, hang up and call back using a trusted, known number for that organization. Thank you. 

UPDATE 10/7/2010

Phishing Attempt – E-mail Solicitation Using NCUA Address

We have received notification from the NCUA that they have recently experienced a phishing attempt to obtain member credit card account numbers, expiration dates and electronic signatures. In cases reported to NCUA, the perpetrator(s) sent fraudulent e-mails, representing to be from the NCUA, to credit union members and the general public. The emails state the NCUA will add $50.00 to the member’s account for taking part in a survey. The link embedded in the message directs members to a counterfeit version of NCUA’s website with an illicit survey that solicits credit card account numbers and confidential personal information.

To avoid falling victim to this scam or if you have, please see the information and instructions below:

The NCUA will never ask credit union members or the general public for personal account or personally identifiable information as part of a survey. Any e-mail that alleges to be from NCUA and asks for account information is fraudulent and should be treated as suspicious. The NCUA  has taken steps to shut this site down, but you should remain alert to possible variations of this fraudulent e-mail.

Any users who clicked on any of the e-mail links should consult with a computer security or anti-virus specialist to assess the need to re-install a clean image of the computer system and take the following additional precautions:

• Scan affected computers using updated anti-virus software.
• Enable automatic updates for anti-virus software and computer operating systems.
• Install security patches for common software applications promptly.
• Be aware that phishing e-mails frequently have links to Web pages that host malicious code and software.
• Do not open unsolicited or unexpected e-mail attachments.
• Do not follow Web links in unsolicited e-mails from apparent federal banking agencies, instead, bookmark or type the agency's Web address.
• Call the agency using a known and appropriate telephone number to verify the legitimacy of the message and attached file.  Do not use any information provided within the phishing email.

If affected by this scam, and variants of this scam, please forward the entire e-mail message to Phishing@ncua.gov.

Formal complaints concerning any suspected fraudulent e-mail can be filed with the Internet Fraud Complaint Center (IFCC) at www.ic3.gov , a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center.

- E. Jane Gee, VP Security & Compliance

UPDATE 7/19/2010

PHISHING EMAILS & PHONE CALLS

PLEASE BE AWARE: We have been made aware of an email message and some phone calls that some members and non-members have recently received from a source posing to be Heritage Valley. Both the email message and phone call requesting personal account information is a phishing scam attempting to obtain your account information. A copy of the email is below. Do not click on the link as it leads you to a site which is not heritagevalleyfcu.org. If you receive a phone call saying that your Heritage Valley credit card has been deactivated and need to enter your card number to reactivate, DO NOT give out your information, it is as scam. Both the email and phone call is an attempt to steal member’s information. If you have responded to either of these inquiries, please contact us immediately at (717)840-4981 so that we may ensure the protection of your account. Also, if you have the phone number that the phone call came from, please contact us so that we may investigate it further. At this point, we do not know the source of the calls. Thank you.
 - Jeremey M. Sterner, VP Information Technology
 
Copy of SPAM email from address custmr.inf@hvfcu.org
 
Dear Heritage Valley FCU Customer,
We found some issues on your account.
Please review your account profile as soon as possible.
http://www.heritagevalleyfcu.org
Copyright © 1998-2006 Cavion, LLC. All Rights Reserved.

 
Tips to protect yourself from phishing scams…
Never reply to unsolicited messages or click on any links in messages no matter how legitimate they look, unless you are absolutely certain of the source and legitimacy. Don't do it even if they appear to have part of your information already, such as an account number (this is a popular phishing technique). Always go to the website by typing in the address or through a bookmark. If appears to be from a financial institution, call using the phone number on a recent statement and verify the request.

Don’t be fooled by an email that looks legitimate or appears to link to a genuine website. If you think the email may be genuine, ALWAYS contact your financial institution to confirm an email’s legitimacy before replying. Your best defense is to delete the email right away.

• NEVER send money or give credit card or online account details to anyone you do not know and trust.
• Do not give out your personal, credit card or online account details over the phone unless you made the call and know that the phone number came from a trusted source. If someone calls you, don’t be afraid to ask to call them back and then call from a trusted and known number to verify you know who is calling.
• Do not open suspicious or unsolicited emails (spam)—ignore them. You can report spam to us at info@heritagevalleyfcu.org. If you do not wish to report the message, simply delete it.
• Do not click on any links in a spam email or open any files attached to them.
• Never call a telephone number that you see in a spam email or SMS.
• If you want to access an internet account website, use a bookmarked link or type the address in yourself—NEVER follow a link in an email.
• Check the website address carefully. Scammers often set up fake websites with very similar addresses.
• Never enter your personal, credit card or online account information on a website if you are not certain it is genuine.
• Never send your personal, credit card or online account details through an email.
• NEVER give your personal or bank account details to people you don’t know and trust.

For more tips and information on how to keep yourself and your computer safe online, check out our Identity Protection page and regularly check out this Security Alerts page.

Finally, please report any suspicious emails involving your Heritage Valley account to info@heritagevalleyfcu.org. Our number one goal is keeping your information protected. Questions or concerns, please contact us at (717)840-4981.

UPDATE 1/22/2010

Computer Virus Alert!: ZueS/Zbot Trojan - This could affect your computer.

Due to the rise in the number of affected computers by a new virus known as ZeuS or Zbot Trojan, We wanted to remind you will NEVER ask for your credit card number, full Social Security number or account number to verify your identity. If you ever receive a computer screen that asks for any of these items of information, DO NOT comply with the request, close your Internet browser and call us at the number below. Please make sure your anti-virus software is up to date to prevent against these viruses.

What makes this new virus so dangerous is that it can imitate many of the security features legitimate Websites typically use to alert a visitor that they are viewing a secure page. If affected by this virus, you might be directed to a false Web page that looks similar to one you intend to visit, including actual images and similar page design. The virus is commonly called “Zeus” and is relatively new. This is what the Times of London has written about the virus:

The virus bypasses security safeguards to record online bank account details, passwords and credit card numbers. It also copies passwords for social networking sites before causing each computer to forward the data to servers under the control of the hackers. It has emerged in several guises, including a false Facebook page that encouraged users to download a software update.”

How It Works

Once your computer is infected with the “Zeus” virus, it waits for your Internet browser to request a secure online banking page. It then redirects your browser to a false site that includes “screen shots” of the legitimate site so that the user suspects nothing is wrong. The false site may include a secure sign in block that, when used, prompts the user for Multi-factor Authentication information much the same way that a legitimate secure site often will. At this point the false site is attempting to get the user to enter personal information such as a credit card number, expiration date, PIN number, etc.

What should you do if you encounter similar screens when attempting to log in to HV@Home Online Banking? Please DO NOT enter any personal information. Close your browser and contact us immediately at (717)840-4981. To protect you from this and other viruses, please make sure your anti-virus software is up to date regularly. Once your anti-virus software is updated, please be sure to run a system scan.

*For more information and additional resources on how to keep your information safe, please visit our Identity Protection page and continue to check this page regularly for updated alerts and information.