Delete saved User ID
Forgotten Password
Sign On Account Access Security
Search

Current Threats

Minimizing the risk of current threats is a cooperative effort of SECU and our membership. Please review how you can protect yourself from these threats, as well as how SECU protects you.

Russian Cyber Gang

In August of 2014 there have been reports that a Russian cyber gang has successfully attacked at least 420,000 websites to obtain online credentials (email address and password). They used tools to find websites that were vulnerable to specific type of attack called a SQL injection. The Credit Union’s websites are not vulnerable to a SQL injection.

Here is a short list of measures that should be taken to protect your overall online identity.
  • Do not use the same User ID and password combination at multiple websites.
  • Change User IDs and passwords frequently. Change security questions on a regular basis. On Member Access visit the 'Services' tab to update all of these.
  • Setup complex User IDs and passwords.
  • Sign up for real-time security alerts. Visit the 'Alerts' tab in Member Access.
  • Do not click on links in emails that are from unknown sources.
  • Be sure to have security protection on your personal computer. This should include a firewall, anti-virus and anti-malware. Set your software to automatically update virus definitions and rules.
The Credit Union spends millions annually on security. We have active, real-time, 24-7 monitoring of the network security. Online security is a priority and the Credit Union continues to enhance and evolve its security posture as new threats emerge.

Online Threat - Heartbleed Bug

In April 2014, news reports raised concerns about a "bug" that could affect Internet websites which use Open SSL, software often used to secure data. It was determined that the Credit Union does not use the version of Open SSL that is vulnerable to this attack; however, many websites were affected. It is suggested that you change your passwords frequently and do not use the same password at multiple sites. You may also want to verify that the other secure website(s) you are using are protected against the Heartbleed Bug.

Malware

Malware, derived from the words "malicious" and "software", is used by criminals to damage your computer system without your knowledge. Malware includes all types of unwanted software such as computer viruses, worms, trojan horses, spyware and adware. This software can create a pathway for criminals to gain personal information. If you are a victim of Malware, you will need to clean and secure all computers at your location.

If you are a victim of Malware, then you should follow the steps below:
  1. Update your data definition file
  2. Scan computer with an Anti-Virus program
  3. Scan computer with an Anti-Trojan program
  4. Scan computer with an Anti-Spyware/Adware program
  5. Run Window Update on your computer
  6. Install a Firewall program
  7. If applicable secure your wireless network

Text Messaging Fraud

Messaging fraud is the newest type of scam where members receive a fraudulent message on their phone. "Smishing" uses cell phone text messages to get you to divulge your personal information. The latest scam is to send a text that is titled ‘fraudulent activity on your debit card’. The message may include a website address, a number to text a response or a phone number to call. The scammer will then try to get you to provide information such as social security number, card number and CVV2 information. The message will give the appearance that immediate attention is needed.

If you are a victim of Messaging Fraud, then you should follow the steps below:
  1. Do NOT reply to the message in any form
  2. Forward the message to notifyus@ncsecu.org so it can be researched
  3. Delete the message

Email Fraud

Email fraud, or "phishing", involves emails that appear to be from a legitimate source, but are a criminal attempt at obtaining personal and/or account information. Phishing emails will often provide a website link that will direct you to a fake website. It will prompt you to enter your personal information. Don't be fooled! The site will look almost identical to the legitimate one. It is important to remember that State Employees' Credit Union never requests personal information via email, as email is not a secure method of communication.

If you are a victim of email fraud, then you should follow the steps below:
  1. Do NOT click any links in or reply to a suspicious email
  2. Do NOT enter any requested information
  3. Contact the SECU Contact Center immediately at (888) 732-8562 or (919) 857-2150
  4. Forward the email to notifyus@ncsecu.org

Other Online Fraud

Fraud can also occur when selling items through an online auction service. The following is a common online auction scam:

You are selling merchandise through an auction site or buy from seller site. The buyer sends you a check that is more than the asking price. You contact the buyer to let him/her know of the error. The buyer apologizes for the mistake and states they sent you the wrong check. The buyer tells you to deposit the check anyway and wire the extra funds back to a specific account. This sounds legitimate but after the check is processed, the Credit Union discovers the check is fraudulent. Since the member who deposits the check bears the responsibility of the check, you are notified that your account needs to be debited to cover the returned check.

If you become a victim of online auction fraud, then you should follow the steps below:
  1. Do NOT wire funds to anyone as reimbursement for overpayment
  2. Do NOT deposit or cash the check
  3. Contact local law enforcement

Online Threats - Search Engines

Common search engines, such as Google, Bing and Yahoo, are used to find information on the World Wide Web without knowing a specific web address. The idea of the search engine is to locate prominent web pages based on your search criteria and display a listing of these web pages for you to select. The search engine, however, does not know if the web pages listed in your results are legitimate or if these web pages contain suspicious activity. Though these links may not appear suspicious, you must be cautious when selecting unknown websites and videos. Cybercriminals keep track of popular searches at any given time and create phony web pages and malicious videos based on the most searched keywords, people and/or events. These web pages and video links, created by cybercriminals, can be one or more of the many results displayed to the user. If you visit a fraudulent webpage or video, you may unknowingly download malware to your computer and/or the page will request personal or financial information.

Ponzi Schemes

A Ponzi Scheme is a fraudulent investment plan where a person or entity takes people’s money as an ‘investment’ and pays out returns from new ‘investors’. Once the new money coming in fails to pay the prior investors the scheme collapses and most ‘investors’ lose their money (since it was paid out to other ‘investors’ as a return). Below is an example of a Ponzi Scheme.

Rex Venture/Zeek Rewards

Voice Messaging Fraud

"Vishing" is facilitated by Voice Over Internet Phone (VoIP) to gain access to your private personal and financial information. With this scam you receive an automated recorded message that gives you a phone number to call. The message will give the appearance that immediate attention is needed.

If you become a victim of Voice Messaging Fraud, then you should follow the steps below:
  1. Do NOT respond to the message in any form
  2. Inform SECU or the Contact Center at (888) 732-8562 or (919) 857-2150
  3. Delete the message

Return to Online Security

Related Links

*Quoted rates, dividends, annual percentage yields (APY) and rates (APR) are subject to change daily at the discretion of the Board of Directors.