SECURITY INFORMATION ARCHIVE (2011-2012)
By Email -
By Phone -
845.336.4444 / 800.451.8373
Member Alert: MHV Security Impersonators Targeting Members Novemeber 7, 2012
We have been notified that members are receiving an automated message from someone claiming to be from "MHV Security". The message asks members to input their Visa card number, expiration date, and 4-digit PIN. This is a fraudulent act and has no affiliation with MHV; members are advised not to give out any of the requested information, and are advised to hang up the phone.
MHV reminds its members that we would NEVER ask you to send personal information over the phone or via email directly. For further information, please call us at 800.451.8373 or visit your local MHV branch.
Cyberattacks are Again Making Headlines-October 2012
Recent cyberattacks called Distributed Denial of Service (DDoS) have been directed at various banking institutions such as Bank of America and Wells Fargo. As noted on a recent CNN Money* article, these attacks have not been directed at customers, but the financial institution's customer facing online service channels such as their website and online banking. The article states, "Denial of service attacks are an effective but unsophisticated tool that doesn't involve any actual hacking. No data was stolen from the banks, and their transactional systems -- like their ATM networks -- remained unaffected. The aim of the attacks was simply to temporarily knock down the banks' public-facing websites."*
At MHV we take your online security and confidential information very seriously. While we have systems and procedures in place to keep your information safe, it is important that you are made aware of DDos. Below is a list of FAQs on DDoS for your reference.
DDos Cyberattack FAQs:
What is a DDos?
A Distributed Denial of Service attack is a form of cyber attack that may use hundreds or thousands of computers to simultaneously target a particular system in an attempt to overwhelm it with communication. Think of it as hundreds of people yelling in your ear at once.
What damage does a DDoS do?
By itself, a DDoS does no lasting damage. Systems targeted by a DDoS may have their Internet connections overwhelmed or their systems shut down due to excess activity, but these are only temporary.
What affect does a DDoS have on me?
A person attempting to view a website that is being targeted may see very slow response times or the site may appear offline altogether. This is only temporary and the site should be available some time later.
Are my funds safe at MHV?
Yes. We take security very seriously. By it's nature, a DDoS is difficult to defend against however, at MHV, we make use of state of the art technology to help detect such attacks. Furthermore, as mentioned earlier, this type of attack by itself does no permanent damage or 'hack' any secure systems so your account information remains safe.
What can be done to prevent this type of attack?
This is where you, the member comes in. DDoS attacks are typically carried out by criminals using 'Botnets' or computers across the Internet that have been compromised to act as unwitting pawns to carry out the attack. Compromise can happen in various ways but the most common are due to home computers that are not up to date on Antivirus signatures or operating system updates.
The FBI has recently commented on the rise of cyber attacks against financial institutions in the US and among their recommendations are the following:
1) Keep your computer updated (for instance, run Windows updates regularly),
2) Use a reputable Antivirus program and keep it up to date. Run virus scans regularly.
3) Be safe when on the Internet. Watch out for suspicious sounding email and delete if in doubt. 'Think before you click' on links found in email or in search results. Websites may be compromised and can even infect your machine just by visiting them, even briefly.
Be Aware of Phone Tech Scams – September 2012
The newest scam by cybercriminals is to impersonate a helpful person from one of the nation's biggest operating system software companies. This is a foreign-based scam trying to collect credit card and personal information. If you receive a call like this, immediately hang up.
Computer users are reporting receiving calls from someone claiming to be from this software companies’ support team or another department, offering to help solve serious computer problems or sell a software license.
What to Know:
1) Public phone directories allow cyber criminals to know your name and other personal information. They assume you're using a certain manufacturer’s operating system.
2) They may request information from you (e.g., IP address, user name/password), or trick you into installing malicious software by asking you to go to a website to install software that allows them to access your computer to fix it. If this happens, the malicious software can harvest personal and/or financial information.
3) While they appear to be checking your system, they take control of your computer and possibly adjust some settings that will leave your computer vulnerable to future attacks.
4) After the "repair session" is complete, they indicate there's a charge for the services and may ask for your credit card information, direct you to a fraudulent website to collect your credit card information, or request that you log into your online banking account to process the payment. If they acquire access to your online banking account through this method, they will have full ability to initiate money-transferring transactions.
What to Do:
1) If you receive a call from someone claiming to have information about an issue with your computer, immediately hang up.
2) DO NOT allow anyone who calls you to access your computer or credit card information. Be suspicious of unsolicited email, pop-ups, or a phone call warning you of a problem with your computer.
3) If you think you may have downloaded malware, immediately change the passwords for your computer, email account, and any financial accounts.
4) Make sure your computer has up-to-date anti-virus, protective firewall and anti-spyware software. Run a scan to learn if any malware has been installed.
5) Check for the latest security updates available for your operating system.
6) Keep your web browser and other applications up-to-date.
Latest security breach – January 2012
An online shoe and apparel retailer announced on Sunday, January 15, 2012, that hackers had broken into their company’s system through one of its servers and obtained data on its 24+ million customers.
How can you keep yourself safe?
- Always access your sites by typing the URL
- Never click on links in emails
- Change the passwords for your online accounts every 6 months or less
- Don’t use one password for all your accounts, etc...
Email Attacks - MHV Secure
Recent news concerning a large online marketing company compromise of email address and names from the customer databases of over 50 different companies, though not MHV, should serve as a reminder that you:
Don't open emails from people you don't know. If you do take the chance, don't click on links or open attachments if you did not request them yourself.
Don't give out personal information such as account numbers, social security numbers, addresses, etc. No legitimate company would ask for personal information through email.
Keep your anti-virus software up to date.
Could cyber criminals be reading your keystrokes right now?
MHV maintains top level security on our website for your protection. However, keeping your home computers safe and secure from hacking attempts is a responsibility you should take very seriously.
Recently, attacks were carried out affecting hundreds of thousands of home computers worldwide. These computers were infected with a type of harmful computer code called a Trojan. Trojans hide in websites, emails or downloads. Once installed on a computer they can record every type of the keyboard activity, steal confidential information or even open up a PC's security so that it can be controlled remotely.
The latest attack involved a Trojan called Zeus v3 which hides inside advertising on legitimate websites. Once installed on a home computer, the program waits until the user visits their online bank and then secretly records their account details and passwords - using the information to transfer money to other bank accounts.
MHV encourages you to follow these tips for your protection:
- Make sure your anti-virus software is up to date.
- If possible, set up your anti-virus software to update virus definitions and scan your computer automatically.
- Keep firewalls set to the highest level.
- Never open an e-mail attachment from someone you don't know.
- Never double-click on an e-mail attachment that ends in .exe. It is an 'executable' file and can do what it likes in your system.
- Never login to your personal accounts including your home banking on public wi-fi networks such as in restaurants and coffee shops, malls, stores, etc.
- Take caution when accessing personal accounts through your smartphone using wi-fi, 3G or 4G internet connections through a mobile browser or app.
If you are browsing the web unprotected, we urge you to please visit CNET.com and search for anti-virus and internet security software. There you will find more information and reviews to help you decide what level of protection is best for you.
We have seen a large number of "mystery shopper" scams recently. People are receiving a check in the mail, along with paperwork telling them they have been 'selected' as a shopper. They are instructed to deposit the enclosed check in their account, and are then asked to do three (3) things:
- Use a portion of the money to shop at selected stores;
- Keep a small amount of the money for themselves;
- Wire the remainder of the money to an account through Western Union (usually a majority of the amount of the check).
Of course, after the money has been wired back, the original check bounces; the money that was wired back has already been collected by the fraudsters, and the victim is responsible for all of the lost funds. We have seen checks just in the last few months for $1,600 to $2,400. If you receive any types of offers such as this and have any questions at all regarding their authenticity, please bring it to our attention so that we can collect all your information and turn it over to the authorities to investigate. Always exercise caution in any transaction to protect your identity and your assets.
'NORTH AMERICAN' AND 'EUROPEAN' LOTTERY WINNINGS
We are also seeing a number of bogus lottery scams. Members have actually come to the branches with the checks that they've received in the mail. Similar to the 'mystery shopping', people are instructed to deposit the checks and then wire a large sum of money back to the sweepstakes company, often to cover the 'taxes". These are fraudulent; anytime you receive a check that you are not expecting, or that you feel is suspicious, be sure to notify your financial institution.
PLEASE REMEMBER: Anytime you are asked to deposit a check into your own account, and then withdraw money and wire it back to someone, it's most likely a SCAM!
An independent company pulls mortgage information from public records, and then sends the mortgage holders a letter about converting to a weekly or bi-weekly payment plan. They have their letter set up so that our name appears over the member's name in the salutation (and their name does not appear on the letterhead). Therefore, it appears this offer is associated with us…. it's not. The letter invites you to set up a weekly or bi-weekly payment program administered by this company for a one-time setup fee of $195 and a "transfer fee" added to each payment ($1.95 weekly or $3.50 bi-weekly). They claim this will shorten your mortgage term and save you money. That's because splitting a payment in half and paying that amount bi-weekly results in 26 bi-weekly payments, not 24, which is the equivalent of one additional monthly payment each year. You do not need an "administrator" who charges fees to pay down a loan faster; you can do it yourself right here at MHVFCU. You can make additional payments on your mortgage at any time at no extra charge. Please contact us and we would be happy to discuss your options.