Identity Theft Alerts
Member-Reported IRS Phishing Scams – September 2016
We recently received information from members who received a phone call from someone claiming to be with the IRS. The fraudster in this case threatened to freeze the members’ accounts if they didn’t send money for taxes the scammer claimed they owed from under-reported income on their tax returns.
If you receive a suspicious phone call such as this—or any suspicious form of communication in which someone requests you to send money—it’s important that you do not offer any personal information or forms of payment to the caller. Instead, hang up and use a different phone number or other form of secure communication that you know is legitimate if you’d like to contact the organization and confirm its validity. For example, the member in this scenario could have visited IRS.gov, the secure and trusted IRS website, to view information directly from the IRS on what to do in this situation.
Please note that Clearview will never call unexpectedly and ask for your personal information or payments over the phone, via text message or via email.
Check out the other pages in our Security Center for more information on the common types of phishing scams and what to do if you think your personal information has been compromised. If you would like to report a phishing attempt that threatened your Clearview accounts, or if you believe your accounts may have already been compromised, call us at 1-800-926-0003.
Tips for Passwords and Securing Your Accounts
These days, it's hard to keep track of the numerous passwords and login credentials we all have for the accounts and websites that help organize our lives. In addition to creating strong passwords, it's also important to organize the passwords themselves and create unique credentials for each account.
Luckily, we found some helpful tips from stopthinkconnect.org, so you can have the strongest, most organized passwords possible. Click here to view or download a PDF with the latest tips, and also consider trying some of the latest authentication methods, such as Touch ID and Eyeprint ID to utilize your fingerprint or the vein pattern in your eyes to safeguard your Clearview accounts.
Tax Identity Theft Awareness Week
With tax season beginning, the Federal Trade Commission has announced Tax Identity Theft Awareness Week from Jan. 25 through Jan. 29.
NCUA has updated its tax identity theft resources page at MyCreditUnion.gov to include useful information for preventing or reporting identity theft that may be perpetrated using fake contacts that appear to be legitimate Internal Revenue Service requests for taxpayer information.
“Cyber hackers and old-fashioned thieves can trick people into divulging personal and financial information not only during tax season, but all year long,” Board Chairman Debbie Matz said. “NCUA has an ongoing commitment to protecting and educating consumers, helping them understand how they can prevent theft and informing them where to get help should they become victims of fraud.”
Consumers should be aware the IRS does not initiate contacts with taxpayers by email, text messages or social media channels to request personal or financial information.
The U.S. Department of Justice reports that, in 2014, 17.6 million Americans were victims of identity theft with estimated losses of $15.4 billion. Tax season is a particularly busy time for identity thieves, and the IRS itself can be a target. IRS paid about $5.8 billion in fraudulent tax refunds in 2013 while preventing about $24 billion in cases in which it was able to detect and prevent fraud.
MyCreditUnion.gov also has numerous resource pages with information to help credit union members understand and prevent identity theft and protect themselves from other frauds and scams. In addition, NCUA has videos describing how to fight against fraud on its YouTube channel.
For more information on identity theft and protecting your Clearview accounts, visit our online Security Center. If you think your Clearview account information may have been compromised by cybercriminals, contact us immediately at 1-800-926-0003.
Stagefright Android Text Message Vulnerability - July 2015
You may have heard about a recent vulnerability discovered in Android devices using operating system 2.2 or higher. The source of this exploit is a media playback tool called Stagefright used by Android devices. Stagefright is vulnerable to a remote code execution bug, allowing hackers to potentially infiltrate devices and access private information by sending an SMS message with a video in it.
To protect your device, experts suggest that you configure your devices to automatically install updates, which will protect your information with the latest security features. As always, it’s also important to regularly monitor your account activity and personal information to uncover any suspicious activity as early as possible. If you believe your Clearview account information may have been compromised, contact us immediately at 1-800-926-0003. For more information from our Identity Theft Center, click here.
Digital Photo Service Breach – July 2015
According to SC Magazine, a third-party vendor is investigating a potential credit card incident that has prompted Rite Aid, Costco, Sam's Club and Tesco to follow CVS and Walmart Canada in taking their respective photo center websites offline.
The vendor was named as PNI Digital Media by CVS and Rite Aid, and the company reportedly hosts and maintains Walmart Canada's photo center website as well. It was acquired by Staples a year ago.
“PNI is investigating a potential credit card data issue, and outside security experts are assisting in the investigation,” said a PNI Digital Media statement emailed to SCMagazine.com on Monday. “If an issue is discovered, it is important to note that consumers are not responsible for any fraudulent activity on their credit cards that is reported on a timely basis.”
That data may have included names, addresses, phone numbers, email addresses and credit card information, the notification indicated. Most of these retailers are still offering photo services in-store at their retail locations.
If you have further questions on this issue, please visit any of the stores’ respective websites, or if you believe information regarding your Clearview accounts may have been stolen, contact us immediately at 1-800-926-0003.
For more information from our Identity Theft Center, click here.
OPM Cybersecurity Breach - June 2015
Through the course of the ongoing investigation into the cyber intrusion that compromised personnel records of current and former Federal employees announced on June 4, OPM has recently discovered that additional systems were compromised. These systems included those that contain information related to the background investigations of current, former, and prospective Federal government employees, as well as other individuals for whom a Federal background investigation was conducted.
This separate incident – like the one that was announced on June 4th affecting personnel information of current and former federal employees – was discovered as a result of OPM’s aggressive efforts to update its cybersecurity posture, adding numerous tools and capabilities to its network.
As always, if you think information regarding your Clearview accounts has been compromised, contact us immediately at 1-800-926-0003. For more information from our Identity Theft Center, click here.
Samsung SwiftKey Vulnerability - June 2015
Please be aware of the Samsung SwiftKey vulnerability which you may have heard about recently in the news. If you use a Samsung Galaxy phone, we recommend that you ensure your device is configured to automatically receive the security update from Samsung once it is available. If you have questions about this particular security update, please contact your carrier.
For all mobile device users, it is recommended that you configure your devices to automatically receive system and security updates, if possible. It is also recommended that you do not use unsecure wireless networks (such as “free wi-fi”) for activities involving personal information such as mobile banking.
Tax Identity Theft
There are many forms of identity theft, and we don't always think about how the consequences might affect us during tax season. Tax identity thieves may use your Social Security number to get a tax refund or employment. If the IRS sends you a notice saying their records show you were paid by an employer you don't know, or more than one tax return was filed using your Social Security number, you should contact the IRS right away.
To help educate consumers, the Federal Trade Commission published the following ways to uncover Tax Identity Theft and how to deal with it if you become a victim:
Uncovering Tax-Related Identity Theft
The IRS uses your Social Security Number (SSN) to make sure your filing is accurate and complete, and that you get any refund you are due. Identity theft can affect how your tax return is processed. An unexpected notice or letter from the IRS could alert you that someone else is using your SSN; however, the IRS doesn't start contact with a taxpayer by sending an email, text or social media message that asks for personal or financial information. If you get an email that claims to be from the IRS, do not reply or click on any links. Instead, forward it to email@example.com.
If someone uses your SSN to file for a tax refund before you do, the IRS might think you already filed and got your refund. When you file your return later, IRS records will show the first filing and refund, and you'll get a notice or letter from the IRS saying more than one return was filed for you.
If someone uses your SSN to get a job, the employer may report that person's income to the IRS using your SSN. When you file your tax return, you won't include those earnings. IRS records will show you failed to report all your income. The agency will send you a notice or letter saying you received wages but didn't report them. The IRS doesn't know those wages were reported by an employer you don't know.
Dealing With Tax-Related Identity Theft
If you think someone used your SSN for a tax refund or employment — or the IRS sends you a notice or letter indicating a problem — contact the IRS immediately. Specialists will work with you to get your tax return filed, get you any refund you are due and protect your IRS account from identity thieves in the future.
1. CONTACT THE INTERNAL REVENUE SERVICE:IRS Identity Protection Specialized Unit at 1-800-908-4490.
- Report the fraud.
- Send a copy of your police report or an IRS ID Theft Affidavit Form 14039 [PDF] and proof of your identity, such as a copy of your Social Security card, driver's license or passport.
2. UPDATE YOUR FILES:
- Record the dates you made calls or sent letters.
- Keep copies of letters in your files.
Home Depot Data Breach - September 2014
Home Depot recently confirmed that they are the victim of a massive data breach. It has been confirmed that card data has been stolen from all U.S. and Canadian stores.
More information is available here from krebsonsecurity.com. In Krebs' article, links are provided to the ZIP codes of the stores for which card data has been captured. A comparison of these ZIP codes and of the ZIP codes of The Home Depot stores shows a 99.4 percent overlap. Below is a list of all ZIP codes affected in the Southwestern Pennsylvania region:
15017, 15051, 15101, 15102, 15122, 15137, 15206, 15235, 15237, 15275, 15301, 15401, 15601, 15904, 16001, 16066, 16323, 16335, 16509, 16602, 16803
It is strongly recommended that you regularly review your card activity and report any suspicious transactions immediately. This is always sage advice, but particularly so with this recent spate of card-swipe compromises. Clearview will continue to monitor all member accounts for suspicious activity. As always, members are urged to be diligent in protecting their personal information, as scamming and phishing attempts could increase due to this data incident.
Click here for more information from The Home Depot's web page regarding updates to the investigation.
Tech Support Scams
Please be aware of recent "tech support" scams that have been targeting companies and their employees. In a typical tech support scam, a caller will offer computer support services and will claim to be a representative of either a well-known company or a fake company with a generic name.
The fraudulent caller will claim to have received an alert that your computer is infected by a virus and offer to fix the problem. They will likely request access to your computer and ask that you download software. Sometimes the caller may charge a fee ranging from $100 to $400. If you download anything or grant remote access to the scammer, they upload a virus or tracking program that will allow them to retrieve personal information and data stored on the computer.
Below are some tips that can prevent you from becoming a victim of a tech support scam:
- Computer and other legitimate tech companies will never make an unsolicited call about a problem your computer may be having. The only way they will know you are having an issue is if you initiate the call.
- Remember that any time you hand over control of your computer to someone else, they can access any and all parts of your computer, including any files with personal information.
- When buying goods and services online, always use a secure form of payment. Avoid businesses and individuals who only accept wire transfers or cashier's checks, as they do not offer as much security.
- Educate your employees about tech support scams and other threats to your company. Make sure that each employee knows how to handle unsolicited phone calls and how to contact your computer manufacturer's customer support should the need arise.
If you think you might be a victim of a tech support scam and you are concerned about your Clearview account, call us at 1-800-926-0003.
Text Message Phishing Scam Targeting Clearview Members and Non-Members
Clearview has been made aware of a phishing scam targeting both members and non-members. These individuals have reported receiving a call, text or email from phone numbers with a 423, 412 or 724 area code. This message provides a link and asks that the individual contact Clearview about their account. When the recipient calls the number or visits the web address provided, they are asked to enter their Social Security Number along with other personal information. See the image below. Clearview Federal Credit Union will not initiate a request via email or text for any sensitive information, including your Social Security number and will never ask members to provide confidential information over the phone. If you have replied to any "phishing" email or text message, it is important to report it right away. Call Clearview at 1-800-926-0003 so the appropriate action can be taken.
If you are not a member of Clearview and you have replied to the phishing message please contact your financial institution immediately.
To protect yourself from becoming a victim, it's important to take every precaution you can. Never open any files or click on any links you receive from unknown senders via text message, email or social media messaging, and report any suspicious activity on your mobile device or apps regarding your Clearview accounts to Clearview's Service Center at 1-800-926-0003.
Clearview has always taken steps to protect our member's identities and will continue to monitor this situation and update members as soon as possible with any new information.
A sample of a fraudulent message sent to members and non-members. Clearview will never contact you to verify or supply personal information. If you receive a message of this nature delete it immediately.
Svpeng Mobile Malware
A virus known as "Svpeng" was first detected in the U.S. on June 11, 2014, but according to experts cited in the Credit Union Journal online, the mobile malware is not yet attempting to steal banking credentials.
While Svpeng has been used previously outside the U.S. to steal online banking credentials, in the U.S. the malware is said to break into a mobile device through a social engineering campaign using text messages, and is almost impossible to remove, experts have stated. Once it's wormed its way into a device, the malware looks for apps from a specific set of financial institutions: USAA, Citigroup, American Express, Wells Fargo, Bank of America, TD Bank, JPMorgan Chase, BB&T and Regions Bank. No credit unions appear to be on the target list yet. The malware then locks the screen of the mobile device with a fake FBI penalty notification letter and demands $200 in the form of Green Dot MoneyPak cards. It also displays a photo of the user taken by the phone's front camera.
To protect yourself from this malware, it's important to take the same security precautions on your smartphone and tablets as you do on PCs and laptops. Do not open any links you receive from unknown senders via text message, email or social media messaging, and report any suspicious activity on your mobile device or apps regarding your Clearview accounts to Clearview's Service Center at 1-800-926-0003.
Clearview will continue to monitor this situation, and update members as soon as possible with any new information regarding security threats.
Microsoft and the Department of Homeland Security Urge Internet Explorer Users to Exercise Caution
Microsoft confirmed on April 26, 2014 that a security vulnerability exists in versions 6 through 11 of Internet Explorer, which are used by about one in four online consumers. This issue allows remote code execution if users visit a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.
While no major security attacks have been found so far, Microsoft acknowledged on April 26th that it's aware of "limited, targeted attacks that attempt to exploit a vulnerability". Microsoft is expected to issue a patch for the problem soon, but there will be no patch for the millions of users who still run Microsoft's Windows XP operating system. The operating system was first released in 2001, and Microsoft officially stopped supporting it on April 8, 2014.
Microsoft encourages everyone to exercise caution when visiting websites, and avoid clicking suspicious links or opening email messages from unfamiliar senders. Turning on Enhanced Protected Mode within your browser, on by default with Internet Explorer 10 and Internet Explorer 11, will help protect against the potential risk. Additional information can be found at www.microsoft.com/protect.
The Department of Homeland Security's U.S. Computer Emergency Response Team (US-CERT) urged consumers who cannot follow Microsoft's recommendations, such as Windows XP users, to consider employing an alternate browser, such as Mozilla Firefox or Google Chrome.
Apple Releases Security Update
Apple has recently released a critical security update to address a potential vulnerability and security patch for its Mac, iPhone, iPad and iPod devices.
Apple has recommended that users of these devices immediately take steps to reduce security risks by updating to the latest version of their device's operating system. The update is available for iOS7, iOS6 and OSX desktop platforms and can be found under "Software Update" on the general settings of your device.
Please make sure that your OS version is greater than or equal to iOS 7.0.6, iOS 6.1.6 or OS X 10.9.2.
The security of our online and mobile banking offerings continues to be a top priority. Updating your Apple device will help reduce security risks. If you have any questions please feel free to call us at 1-800-926-0003, option 7.
Target Data Breach - December 2013
If you shopped at a Target store in the U.S. between November 27 and December 15, 2013, we strongly encourage you to consistently monitor your Clearview debit and/or credit card accounts for suspicious activity. If you have concerns about your account please contact Clearview at 1-800-926-0003.
Virus Hunters are tele-exploiters who call your home and try to get you to allow them on your computer for a fee to find a‘virus'. If you receive calls from any of these people your best course of action is to hang up immediately. If you have caller ID and want to note the incoming phone number, it can be reported to the state but generally caller ID comes up as unknown.
It's easy for these people, once they are on your system, to make the simplest thing like an Internet cookie and alter it to look like a virus. Once they create the panic that you have viruses on your computer, they then offer to help troubleshoot and fix the problem for a cost. Be wary of this scan and inform your friends and family. Tele-exploiters can give the impression that they really know you, and unfortunately that's how they can get so many to go along with their scam and fall for the exploitation.
IRS Warns of Pervasive Telephone Scam
The Internal Revenue Service has informed consumers of a phone scam that is targeting taxpayers throughout the country. Victims of the phishing scam are told that they owe money to the IRS and it must be paid through a pre-paid debit card or wire transfer. If the victim refuses to cooperate, the caller may become hostile and threaten the victim with arrest, deportation, or suspension of a business or driver's license. Scammers may also use fake names and IRS badge numbers, recite the last four digits of a victim's Social Security Number, and even spoof the IRS toll-free number on caller ID to make it appear that it's the IRS calling.
The IRS Commissioner John Koskinen advises taxpayers that the IRS will send official correspondence through the mail for the first contact. Additionally, it is important for taxpayers to know that the IRS:
- Never asks for credit card, debit card, or prepaid card information over the telephone.
- Never insists that taxpayers use a specific payment method to pay tax obligations
- Never requests immediate payment over the telephone and will not take enforcement action immediately following a phone conversation. Taxpayers usually receive prior notification of IRS enforcement action involving IRS tax liens or levies.
Below is what the IRS recommends you do if you receive a phone call from someone claiming to be from the IRS:
- If you know you owe taxes or you think you might owe taxes, call the IRS at 1-800-829-1040. The IRS employees at that line can help you with a payment issue – if there really is such an issue.
- If you know you don't owe taxes or have no reason to think that you owe any taxes (for example, you've never received a bill or the caller made some bogus threats as described above), then call and report the incident to the Treasury Inspector General for Tax Administration at 1-800-366-4484.
- If you've been targeted by this scam, you should also contact the Federal Trade Commission and use their "FTC Complaint Assistant" at FTC.gov. Please add "IRS Telephone Scam" to the comments of your complaint.
The IRS also warns that taxpayers be aware that there are other unrelated scams (such as a lottery sweepstakes) and solicitations (such as debt relief) that fraudulently claim to be from the IRS.
Be wary of charitable appeals linked to disasters and malicious attacks
In the wake of natural disasters and malicious attacks in areas of the US, state representatives urge Americans to be cautious and prudent with their charitable giving. After a disaster or attack, questionable charity appeals can surface quickly, with many of them surfacing by way of the Internet.
State representatives highly recommend that personal information should not be given over the phone or online, unless you are familiar with the charitable organization. Also, the reputable charity should never pressure you into donating on the spot.
Phishing Automated Phone Call ScamWe have been made aware that Clearview members are receiving automated fraudulent phone calls and messages, informing them that their debit card has been deactivated, suspended or blocked due to security reasons. If you receive these calls, do not share your personal account information. Clearview would never convey or ask for personal information in this manner. Please hang up immediately and contact Clearview at 1-800-926-0003.
Phishing Emails posing as TurboTax messages
Clearview has been made aware of emails that appear to be from TurboTax stating that "Your State Return Has Been Rejected," please be aware that these are not from Clearview Federal Credit Union or TurboTax. Should you receive one of these emails please do not open the attachment or forward the email. Immediately delete the email. The email does not contain a link; however, the email has a .zip attachment that contains malware. Do not open the attached .zip file. If you have opened this email we encourage you to run the antivirus software on your computer and make sure that all of your software is up to date.
Cyber Attacks on BanksThere have been several cyber attacks on large banks recently. While Clearview has not directly been affected, it is still important to be aware of these online threats and take caution when accessing your account online. To protect yourself, you should never click on links in suspicious emails, and be cautious of any websites that appear to not be legitimate. If you believe your account has been compromised, please call us at 1-800-926-0003 immediately.
Automated Phone Call Scam
Clearview has been made aware of fraudulent attempts to obtain sensitive information from the public using automated phone calls that play recorded messages claiming to be from a credit union. These phone calls specifically requested credit and debit card information. Clearview will never ask for sensitive information from you through an automated phone call. If you receive a phone call like this, do not respond. If you have any questions regarding this, or any other identity theft issues, please call us at 1-800-926-0003. You should also report this to the Federal Trade Commission by calling 1-877-382-4357, as well as law enforcement and your telephone provider.
Credit Card Smishing
Clearview has learned of smishing scams affecting members of other credit unions. In these scams, members receive text messages stating that their credit cards have been deactivated, and asking them to call a phone number to provide account and PIN numbers to resolve the issue.
Clearview would never request account numbers or PIN numbers via text message. If you receive a similar text message, do not respond, and do not call the provided phone number. If you have any questions on this, or any other identity theft issues, please feel free to call Clearview at 1-800-926-0003.
Tax Refund Scam
Clearview was made aware of fraudulent attempts to encourage the public to file fax returns claiming fraudulent refunds. In the scam, refunds are promised to individuals who have little to no income, who would not normally need to file taxes. The victims are promised that they can obtain a tax refund, or non-existent stimulus payment from the American Opportunity Tax Credit, even if the victim is not enrolled or paying for college. Please be cautious of anyone offering you a tax refund when you are not expecting one. Several other similar tax-related scams are affecting consumers as well. If you have any questions, please call us at 1-800-926-0003.
NACHA Scam Alert
Clearview has received reports of fraudulent emails continuing to be sent to consumers and businesses, claiming to be from NACHA (National Automated Clearing House Association), stating that an ACH transaction was canceled. If you receive a similar email, do not click any of the embedded links. Instead, delete the email immediately.
Cash Edge Malware Attempt
Clearview has been made aware of a fraudulent attempt to obtain personal information using a message appearing to be from the Cash Edge funds transfer system. When the user attempts to log into what they believe is the Online Banking software provided by their credit union or bank, they view a message appearing to be from Cash Edge asking for personal information in order to enroll in a risk monitoring service. This message is not from Cash Edge, nor Clearview. You should not enter any personal information if you see this message.
Clearview would never solicit personal information from you in this manner. If you receive a similar message, close your browser window and immediately run virus scan software. This message is likely caused by malware installed on your computer when you downloaded a file from the internet. If you have any questions concerns, please call us at 1-800-926-0003, or email firstname.lastname@example.org.
FDIC Phishing Attempt
Clearview has been made aware of an attempt to fraudulently obtain sensitive information using emails claiming to be from the Federal Deposit Insurance Corporation (FDIC). These emails are being sent from several "@fdic.gov" email addresses, and include subject lines such as "Update for your banking account," "ACU and Wire transfers disabled," and "Banking security update." Please keep in mind that neither the FDIC nor Clearview will ever solicit sensitive information via email. If you receive one of these emails, please do not click any of the links within them, and instead delete them immediately.
IRS Phishing Attempt
Clearview has been made aware of an attempt to fraudulently obtain personal information via an email claiming to be from the IRS. The IRS is investigating this series of attacks and has asked that any fraudulent emails be forwarded to email@example.com with the phrase "Suspicious Activity" in the subject line. Neither the IRS nor Clearview will ever attempt to obtain sensitive information via email. If you have any questions on this, or any other suspicious email attempting to gain your account information, please call Clearview at 1-800-926-0003.
Text Message Scam Alert
Clearview has received reports of a recent fraudulent text message. The message states that a person's credit card has been deactivated, and they must call a phone number to re-activate their card. This text message is a fraudulent attempt to obtain personal information. If you receive this, or any similar text messages, please do not respond and delete the message.
Phishing Email Scam Alert
Clearview has been notified of a phishing campaign targeting merchant accounts of First Data, a payment processing vendor. These fraudulent emails contain the text "MERCHANT ACCOUNT UPDATE" in the subject line, and claim to be from "FIRSTDATA SERVICES." The body of the email contains the text "Dear First Data customer, please update your login. Download the attachment in this email and proceed." The attachment is entitled "Update Your Account Information.html," which when opened inside the browser, displays a fraudulent First Data Global Gateway login page which attempts to gather the merchant's store number, user ID, tax ID, phone number and password. If you receive this email, delete it immediately. Do not open the attachment. Please call Clearview at 1-800-926-0003 if you have any questions.
Voice Recording Phishing
A recent phishing scam involving voice recorded phone messages has been brought to our attention. Several members have received phone calls with voice recorded messages saying that there has been a compromise on your credit card. You are then prompted to enter your card information (if you answer the phone) or to call a number (if the message is left as a voice mail) where you are then prompted to enter your card information. This number is a California based number with the area code of 310. If you have already entered this information, please contact our Card Services Department at 1-800-926-0003, option 4.
Clearview will never ask for card information via recorded message or authorize any third party to do so. If you receive this message, do not give any information on your credit card. If you have any questions on this scam, please contact our Card Services Department.
"$50.00 Reward" Survey Is A Phish
Please be aware of any fraudulent "$50.00 Reward" emails that you may receive by email. These surveys are part of recent scams aimed at securing confidential personal data for possible identity theft.
Emails are being sent in the name of (Credit Union National Association) CUNA and (National Credit Union Administration) NCUA. The CUNA phish uses a subject line: "Get your $50.00 Reward Survey with Credit Union National Association." The message includes the America's Credit Unions brand logo.
The text of the NCUA message is addressed to "Dear National Credit Union Administration Customer," offers a survey with five easy questions, and a $50 credit to the recipient's account.
Neither CUNA nor NCUA are financial institutions; they don't have consumer accounts. The recipient message asks the recipient to click on the link. There, the recipient is asked for financial information.
If you receive a "$50 Reward" email, do not click on the links provided. These emails should be deleted.
National Credit Union Administration (NCUA)
Clearview Federal Credit Union is aware that there are multiple email fraud attempts, known as "Phishing," being initiated via email sent to both Clearview members and the general public that appear to be from the National Credit Union Administration (NCUA). These emails may ask for the recipient to click on a link to verify their credit union account registration. If the recipient proceeds, the link will direct them to a false website and ask for their credit union account number and PIN, as well as other personal information.
These messages are a scam and should be deleted immediately. Clearview will never solicit emails requesting your credit union account number, password, PIN, or other personal identity information. We remind you to only enter your personal account information from a secure website.
If you have already responded to such an email and provided any confidential information, please notify Clearview immediately by calling 1-800-926-0003. We will be happy to assist you with changing your account PIN, as well as in taking any additional action to protect your Clearview account.
If you feel that you have received a fraudulent phishing email purportedly from NCUA please forward the entire email message to Phishing@ncua.gov.
Additionally, you can file formal complaints concerning any suspected fraudulent email with the Internet Fraud Complaint Center (IFCC) at www.ic3.gov. The IFCC is a partnership between the Federal Bureau of Investigation, and the National White Collar Crime Center.
End of Support for Windows XP Operating System
Please be aware that support for Windows XP ended on April 8, 2014. There will be no more security updates or technical support for the Windows XP operating system, and so it is important that Windows XP users migrate to a modern operating system such as Windows 8.1. Users who move to this more modern operating system will benefit from enhanced security, increased productivity and more.
For more information regarding the end of Windows XP support and steps on how to migrate to a newer operating system click here.
The Heartbleed bug continues to impact computer systems worldwide. Heartbleed is a security vulnerability in a technology component (OpenSSL) used by a large number of the Internet's web sites to secure the traffic, passwords and other sensitive information transmitted to and from users and visitors. The flaw permits unauthorized access to server memory, which might include usernames and passwords, re-usable browser cookies, or even encryption keys used to secure the transmission of your information. Because of this, a site can remain affected long after the actual bug is fixed.
As the media continues to report on the threat of the Heartbleed Bug, Clearview wants to assure our members that their information is safe at the Credit Union. Clearview's ATM machines are in complete compliance with the National Credit Union Association (NCUA) and the regulatory bodies that monitor these machines. Additionally, Clearview's software systems used for the machines are also up-to-date and run tight security that is known to protect our member data from viruses, including this latest threat. Neither the Windows XP concerns nor this internet-related virus are a threat to our systems and membership.
In addition, Clearview's Online Banking provider, Digital Insight, is fully aware of this virus and is reacting to it. They performed a thorough investigation of the virus and they feel it does not impact our Online Banking service. The encryption methods used for the user name and password authentication as well as the member data display does not use the threatened OpenSSL library, which is the source of vulnerability with this virus. They continue to investigate the reaches of this "bug" and are working with third party vendors (our BillPayer provider and others) to assess the impact on these systems. Clearview is confident that our members will not be impacted in any way. Also, it is important to note that TurboTax through Online Banking has been evaluated and found to be unaffected.