Clearview Federal Credit Union
Resources Resources

Identity Theft Alerts

Home Depot Data Breach

Home Depot recently confirmed that they are the victim of a massive data breach. It has been confirmed that card data has been stolen from all U.S. and Canadian stores.

More information is available here from krebsonsecurity.com. In Krebs’ article, links are provided to the ZIP codes of the stores for which card data has been captured. A comparison of these ZIP codes and of the ZIP codes of The Home Depot stores shows a 99.4 percent overlap. Below is a list of all ZIP codes affected in the Southwestern Pennsylvania region:

15017, 15051, 15101, 15102, 15122, 15137, 15206, 15235, 15237, 15275, 15301, 15401, 15601, 15904, 16001, 16066, 16323, 16335, 16509, 16602, 16803

It is strongly recommended that you regularly review your card activity and report any suspicious transactions immediately. This is always sage advice, but particularly so with this recent spate of card-swipe compromises. Clearview will continue to monitor all member accounts for suspicious activity. As always, members are urged to be diligent in protecting their personal information, as scamming and phishing attempts could increase due to this data incident.

Click here for more information from The Home Depot’s web page regarding updates to the investigation.


Tech Support Scams

Please be aware of recent “tech support” scams that have been targeting companies and their employees. In a typical tech support scam, a caller will offer computer support services and will claim to be a representative of either a well-known company or a fake company with a generic name.

The fraudulent caller will claim to have received an alert that your computer is infected by a virus and offer to fix the problem. They will likely request access to your computer and ask that you download software. Sometimes the caller may charge a fee ranging from $100 to $400. If you download anything or grant remote access to the scammer, they upload a virus or tracking program that will allow them to retrieve personal information and data stored on the computer.

Below are some tips that can prevent you from becoming a victim of a tech support scam:

  • Computer and other legitimate tech companies will never make an unsolicited call about a problem your computer may be having. The only way they will know you are having an issue is if you initiate the call.
  • Remember that any time you hand over control of your computer to someone else, they can access any and all parts of your computer, including any files with personal information.
  • When buying goods and services online, always use a secure form of payment. Avoid businesses and individuals who only accept wire transfers or cashier’s checks, as they do not offer as much security.
  • Educate your employees about tech support scams and other threats to your company. Make sure that each employee knows how to handle unsolicited phone calls and how to contact your computer manufacturer’s customer support should the need arise.

If you think you might be a victim of a tech support scam and you are concerned about your Clearview account, call us at 1-800-926-0003.


Text Message Phishing Scam Targeting Clearview Members and Non-Members

Clearview has been made aware of a phishing scam targeting both members and non-members. These individuals have reported receiving a call, text or email from phone numbers with a 423, 412 or 724 area code. This message provides a link and asks that the individual contact Clearview about their account. When the recipient calls the number or visits the web address provided, they are asked to enter their Social Security Number along with other personal information. See the image below. Clearview Federal Credit Union will not initiate a request via email or text for any sensitive information, including your Social Security number and will never ask members to provide confidential information over the phone. If you have replied to any "phishing" email or text message, it is important to report it right away. Call Clearview at 1-800-926-0003 so the appropriate action can be taken.

If you are not a member of Clearview and you have replied to the phishing message please contact your financial institution immediately.

To protect yourself from becoming a victim, it’s important to take every precaution you can. Never open any files or click on any links you receive from unknown senders via text message, email or social media messaging, and report any suspicious activity on your mobile device or apps regarding your Clearview accounts to Clearview’s Service Center at 1-800-926-0003.

Clearview has always taken steps to protect our member’s identities and will continue to monitor this situation and update members as soon as possible with any new information.

Fraudulent Message Targeting both Members and Non-Members

A sample of a fraudulent message sent to members and non-members. Clearview will never contact you to verify or supply personal information. If you receive a message of this nature delete it immediately.


Svpeng Mobile Malware

A virus known as “Svpeng” was first detected in the U.S. on June 11, 2014, but according to experts cited in the Credit Union Journal online, the mobile malware is not yet attempting to steal banking credentials.

While Svpeng has been used previously outside the U.S. to steal online banking credentials, in the U.S. the malware is said to break into a mobile device through a social engineering campaign using text messages, and is almost impossible to remove, experts have stated. Once it's wormed its way into a device, the malware looks for apps from a specific set of financial institutions: USAA, Citigroup, American Express, Wells Fargo, Bank of America, TD Bank, JPMorgan Chase, BB&T and Regions Bank. No credit unions appear to be on the target list yet. The malware then locks the screen of the mobile device with a fake FBI penalty notification letter and demands $200 in the form of Green Dot MoneyPak cards. It also displays a photo of the user taken by the phone's front camera.

To protect yourself from this malware, it’s important to take the same security precautions on your smartphone and tablets as you do on PCs and laptops. Do not open any links you receive from unknown senders via text message, email or social media messaging, and report any suspicious activity on your mobile device or apps regarding your Clearview accounts to Clearview’s Service Center at 1-800-926-0003.

Clearview will continue to monitor this situation, and update members as soon as possible with any new information regarding security threats.
 


Microsoft and the Department of Homeland Security Urge Internet Explorer Users to Exercise Caution

Microsoft confirmed on April 26, 2014 that a security vulnerability exists in versions 6 through 11 of Internet Explorer, which are used by about one in four online consumers. This issue allows remote code execution if users visit a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.

While no major security attacks have been found so far, Microsoft acknowledged on April 26th that it's aware of "limited, targeted attacks that attempt to exploit a vulnerability". Microsoft is expected to issue a patch for the problem soon, but there will be no patch for the millions of users who still run Microsoft's Windows XP operating system. The operating system was first released in 2001, and Microsoft officially stopped supporting it on April 8, 2014.

Microsoft encourages everyone to exercise caution when visiting websites, and avoid clicking suspicious links or opening email messages from unfamiliar senders. Turning on Enhanced Protected Mode within your browser, on by default with Internet Explorer 10 and Internet Explorer 11, will help protect against the potential risk. Additional information can be found at www.microsoft.com/protect.

The Department of Homeland Security's U.S. Computer Emergency Response Team (US-CERT) urged consumers who cannot follow Microsoft's recommendations, such as Windows XP users, to consider employing an alternate browser, such as Mozilla Firefox or Google Chrome.


Apple Releases Security Update

Apple has recently released a critical security update to address a potential vulnerability and security patch for its Mac, iPhone, iPad and iPod devices.

Apple has recommended that users of these devices immediately take steps to reduce security risks by updating to the latest version of their device’s operating system. The update is available for iOS7, iOS6 and OSX desktop platforms and can be found under “Software Update” on the general settings of your device.

Please make sure that your OS version is greater than or equal to iOS 7.0.6, iOS 6.1.6 or OS X 10.9.2.

The security of our online and mobile banking offerings continues to be a top priority. Updating your Apple device will help reduce security risks. If you have any questions please feel free to call us at 1-800-926-0003, option 7.


Target Data Breach

The news of the unauthorized payment card data incident that took place at Target stores between November 27 and December 15, 2013 has created heightened awareness with consumers. A further investigation by Target of the card data breach indicates that the stolen customer information also includes names, mailing addresses, phone numbers and e-mail addresses. Clearview urges you to be extra diligent in protecting your personal information, as scamming and phishing attempts could increase due to the Target card data incident.

If you shopped at a Target store in the U.S. between November 27 and December 15, 2013, we strongly encourage you to consistently monitor your Clearview debit and/or credit card accounts for suspicious activity. If you have concerns about your account please contact Clearview at 1-800-926-0003.

 Virus Hunters

Virus Hunters are tele-exploiters who call your home and try to get you to allow them on your computer for a fee to find a‘virus’. If you receive calls from any of these people your best course of action is to hang up immediately. If you have caller ID and want to note the incoming phone number, it can be reported to the state but generally caller ID comes up as unknown.

It’s easy for these people, once they are on your system, to make the simplest thing like an Internet cookie and alter it to look like a virus. Once they create the panic that you have viruses on your computer, they then offer to help troubleshoot and fix the problem for a cost. Be wary of this scan and inform your friends and family. Tele-exploiters can give the impression that they really know you, and unfortunately that’s how they can get so many to go along with their scam and fall for the exploitation.


IRS Warns of Pervasive Telephone Scam

The Internal Revenue Service has informed consumers of a phone scam that is targeting taxpayers throughout the country. Victims of the phishing scam are told that they owe money to the IRS and it must be paid through a pre-paid debit card or wire transfer. If the victim refuses to cooperate, the caller may become hostile and threaten the victim with arrest, deportation, or suspension of a business or driver’s license. Scammers may also use fake names and IRS badge numbers, recite the last four digits of a victim’s Social Security Number, and even spoof the IRS toll-free number on caller ID to make it appear that it’s the IRS calling.

The IRS Commissioner John Koskinen advises taxpayers that the IRS will send official correspondence through the mail for the first contact. Additionally, it is important for taxpayers to know that the IRS:

  • Never asks for credit card, debit card, or prepaid card information over the telephone.
  • Never insists that taxpayers use a specific payment method to pay tax obligations
  • Never requests immediate payment over the telephone and will not take enforcement action immediately following a phone conversation. Taxpayers usually receive prior notification of IRS enforcement action involving IRS tax liens or levies.

Below is what the IRS recommends you do if you receive a phone call from someone claiming to be from the IRS:

  • If you know you owe taxes or you think you might owe taxes, call the IRS at 1-800-829-1040. The IRS employees at that line can help you with a payment issue – if there really is such an issue. 
  • If you know you don’t owe taxes or have no reason to think that you owe any taxes (for example, you’ve never received a bill or the caller made some bogus threats as described above), then call and report the incident to the Treasury Inspector General for Tax Administration at 1-800-366-4484. 
  • If you’ve been targeted by this scam, you should also contact the Federal Trade Commission and use their “FTC Complaint Assistant” at FTC.gov. Please add "IRS Telephone Scam" to the comments of your complaint.

The IRS also warns that taxpayers be aware that there are other unrelated scams (such as a lottery sweepstakes) and solicitations (such as debt relief) that fraudulently claim to be from the IRS.


Be wary of charitable appeals linked to disasters and malicious attacks

In the wake of natural disasters and malicious attacks in areas of the US, state representatives urge Americans to be cautious and prudent with their charitable giving. After a disaster or attack, questionable charity appeals can surface quickly, with many of them surfacing by way of the Internet.

State representatives highly recommend that personal information should not be given over the phone or online, unless you are familiar with the charitable organization. Also, the reputable charity should never pressure you into donating on the spot.


Phishing Automated Phone Call Scam

We have been made aware that Clearview members are receiving automated fraudulent phone calls and messages, informing them that their debit card has been deactivated, suspended or blocked due to security reasons. If you receive these calls, do not share your personal account information. Clearview would never convey or ask for personal information in this manner. Please hang up immediately and contact Clearview at 1-800-926-0003.

Phishing Emails posing as TurboTax messages

Clearview has been made aware of emails that appear to be from TurboTax stating that “Your State Return Has Been Rejected,” please be aware that these are not from Clearview Federal Credit Union or TurboTax. Should you receive one of these emails please do not open the attachment or forward the email. Immediately delete the email. The email does not contain a link; however, the email has a .zip attachment that contains malware. Do not open the attached .zip file. If you have opened this email we encourage you to run the antivirus software on your computer and make sure that all of your software is up to date.


Cyber Attacks on Banks

There have been several cyber attacks on large banks recently. While Clearview has not directly been affected, it is still important to be aware of these online threats and take caution when accessing your account online. To protect yourself, you should never click on links in suspicious emails, and be cautious of any websites that appear to not be legitimate. If you believe your account has been compromised, please call us at 1-800-926-0003 immediately.

Automated Phone Call Scam

Clearview has been made aware of fraudulent attempts to obtain sensitive information from the public using automated phone calls that play recorded messages claiming to be from a credit union. These phone calls specifically requested credit and debit card information. Clearview will never ask for sensitive information from you through an automated phone call. If you receive a phone call like this, do not respond. If you have any questions regarding this, or any other identity theft issues, please call us at 1-800-926-0003. You should also report this to the Federal Trade Commission by calling 1-877-382-4357, as well as law enforcement and your telephone provider.


Credit Card Smishing

Clearview has learned of smishing scams affecting members of other credit unions. In these scams, members receive text messages stating that their credit cards have been deactivated, and asking them to call a phone number to provide account and PIN numbers to resolve the issue.
Clearview would never request account numbers or PIN numbers via text message. If you receive a similar text message, do not respond, and do not call the provided phone number. If you have any questions on this, or any other identity theft issues, please feel free to call Clearview at 1-800-926-0003. 


Tax Refund Scam

Clearview was made aware of fraudulent attempts to encourage the public to file fax returns claiming fraudulent refunds. In the scam, refunds are promised to individuals who have little to no income, who would not normally need to file taxes. The victims are promised that they can obtain a tax refund, or non-existent stimulus payment from the American Opportunity Tax Credit, even if the victim is not enrolled or paying for college. Please be cautious of anyone offering you a tax refund when you are not expecting one. Several other similar tax-related scams are affecting consumers as well. If you have any questions, please call us at 1-800-926-0003.


NACHA Scam Alert

Clearview has received reports of fraudulent emails continuing to be sent to consumers and businesses, claiming to be from NACHA (National Automated Clearing House Association), stating that an ACH transaction was canceled. If you receive a similar email, do not click any of the embedded links. Instead, delete the email immediately. 


Cash Edge Malware Attempt 

Clearview has been made aware of a fraudulent attempt to obtain personal information using a message appearing to be from the Cash Edge funds transfer system. When the user attempts to log into what they believe is the Online Banking software provided by their credit union or bank, they view a message appearing to be from Cash Edge asking for personal information in order to enroll in a risk monitoring service. This message is not from Cash Edge, nor Clearview. You should not enter any personal information if you see this message.

Clearview would never solicit personal information from you in this manner. If you receive a similar message, close your browser window and immediately run virus scan software. This message is likely caused by malware installed on your computer when you downloaded a file from the internet. If you have any questions concerns, please call us at 1-800-926-0003, or email support@clearviewfcu.org.  


FDIC Phishing Attempt

Clearview has been made aware of an attempt to fraudulently obtain sensitive information using emails claiming to be from the Federal Deposit Insurance Corporation (FDIC). These emails are being sent from several “@fdic.gov” email addresses, and include subject lines such as “Update for your banking account,” “ACU and Wire transfers disabled,” and “Banking security update.” Please keep in mind that neither the FDIC nor Clearview will ever solicit sensitive information via email. If you receive one of these emails, please do not click any of the links within them, and instead delete them immediately.


IRS Phishing Attempt

Clearview has been made aware of an attempt to fraudulently obtain personal information via an email claiming to be from the IRS. The IRS is investigating this series of attacks and has asked that any fraudulent emails be forwarded to phishing@irs.gov with the phrase “Suspicious Activity” in the subject line. Neither the IRS nor Clearview will ever attempt to obtain sensitive information via email. If you have any questions on this, or any other suspicious email attempting to gain your account information, please call Clearview at 1-800-926-0003.


Text Message Scam Alert

Clearview has received reports of a recent fraudulent text message. The message states that a person’s credit card has been deactivated, and they must call a phone number to re-activate their card. This text message is a fraudulent attempt to obtain personal information. If you receive this, or any similar text messages, please do not respond and delete the message. 


Phishing Email Scam Alert

Clearview has been notified of a phishing campaign targeting merchant accounts of First Data, a payment processing vendor. These fraudulent emails contain the text "MERCHANT ACCOUNT UPDATE" in the subject line, and claim to be from "FIRSTDATA SERVICES." The body of the email contains the text "Dear First Data customer, please update your login. Download the attachment in this email and proceed." The attachment is entitled “Update Your Account Information.html,” which when opened inside the browser, displays a fraudulent First Data Global Gateway login page which attempts to gather the merchant’s store number, user ID, tax ID, phone number and password. If you receive this email, delete it immediately. Do not open the attachment. Please call Clearview at 1-800-926-0003 if you have any questions. 


Voice Recording Phishing

A recent phishing scam involving voice recorded phone messages has been brought to our attention. Several members have received phone calls with voice recorded messages saying that there has been a compromise on your credit card. You are then prompted to enter your card information (if you answer the phone) or to call a number (if the message is left as a voice mail) where you are then prompted to enter your card information. This number is a California based number with the area code of 310. If you have already entered this information, please contact our Card Services Department at 1-800-926-0003, option 4.

Clearview will never ask for card information via recorded message or authorize any third party to do so. If you receive this message, do not give any information on your credit card. If you have any questions on this scam, please contact our Card Services Department.


"$50.00 Reward" Survey Is A Phish

Please be aware of any fraudulent "$50.00 Reward" emails that you may receive by email. These surveys are part of recent scams aimed at securing confidential personal data for possible identity theft.

Emails are being sent in the name of (Credit Union National Association) CUNA and (National Credit Union Administration) NCUA. The CUNA phish uses a subject line: "Get your $50.00 Reward Survey with Credit Union National Association." The message includes the America's Credit Unions brand logo.

The text of the NCUA message is addressed to "Dear National Credit Union Administration Customer," offers a survey with five easy questions, and a $50 credit to the recipient's account.

Neither CUNA nor NCUA are financial institutions; they don't have consumer accounts. The recipient message asks the recipient to click on the link. There, the recipient is asked for financial information.

If you receive a "$50 Reward" email, do not click on the links provided. These emails should be deleted.


National Credit Union Administration (NCUA)

Clearview Federal Credit Union is aware that there are multiple email fraud attempts, known as "Phishing," being initiated via email sent to both Clearview members and the general public that appear to be from the National Credit Union Administration (NCUA). These emails may ask for the recipient to click on a link to verify their credit union account registration. If the recipient proceeds, the link will direct them to a false website and ask for their credit union account number and PIN, as well as other personal information.

These messages are a scam and should be deleted immediately. Clearview will never solicit emails requesting your credit union account number, password, PIN, or other personal identity information. We remind you to only enter your personal account information from a secure website.

If you have already responded to such an email and provided any confidential information, please notify Clearview immediately by calling 1-800-926-0003. We will be happy to assist you with changing your account PIN, as well as in taking any additional action to protect your Clearview account.

If you feel that you have received a fraudulent phishing email purportedly from NCUA please forward the entire email message to Phishing@ncua.gov.

Additionally, you can file formal complaints concerning any suspected fraudulent email with the Internet Fraud Complaint Center (IFCC) at www.ic3.gov. The IFCC is a partnership between the Federal Bureau of Investigation, and the National White Collar Crime Center.


End of Support for Windows XP Operating System

Please be aware that support for Windows XP ended on April 8, 2014. There will be no more security updates or technical support for the Windows XP operating system, and so it is important that Windows XP users migrate to a modern operating system such as Windows 8.1. Users who move to this more modern operating system will benefit from enhanced security, increased productivity and more.

For more information regarding the end of Windows XP support and steps on how to migrate to a newer operating system click here.


Heartbleed Bug

The Heartbleed bug continues to impact computer systems worldwide. Heartbleed is a security vulnerability in a technology component (OpenSSL) used by a large number of the Internet’s web sites to secure the traffic, passwords and other sensitive information transmitted to and from users and visitors. The flaw permits unauthorized access to server memory, which might include usernames and passwords, re-usable browser cookies, or even encryption keys used to secure the transmission of your information. Because of this, a site can remain affected long after the actual bug is fixed. 

As the media continues to report on the threat of the Heartbleed Bug, Clearview wants to assure our members that their information is safe at the Credit Union. Clearview’s ATM machines are in complete compliance with the National Credit Union Association (NCUA) and the regulatory bodies that monitor these machines.  Additionally, Clearview’s software systems used for the machines are also up-to-date and run tight security that is known to protect our member data from viruses, including this latest threat.  Neither the Windows XP concerns nor this internet-related virus are a threat to our systems and membership.

In addition, Clearview’s Online Banking provider, Digital Insight, is fully aware of this virus and is reacting to it.  They performed a thorough investigation of the virus and they feel it does not impact our Online Banking service.  The encryption methods used for the user name and password authentication as well as the member data display does not use the threatened OpenSSL library, which is the source of vulnerability with this virus.  They continue to investigate the reaches of this “bug” and are working with third party vendors (our BillPayer provider and others) to assess the impact on these systems.  Clearview is confident that our members will not be impacted in any way.  Also, it is important to note that TurboTax through Online Banking has been evaluated and found to be unaffected.

 

Your savings federally insured to at least $250,000 and backed by the full faith and credit of the United States Government. National Credit Union Administration, a U.S. Government Agency.
Site Map  |   Privacy  |   Disclosures  |   Careers
Equal Housing Lender