Minimizing the risk of current threats is a cooperative effort of SECU and our membership. Please review
how you can protect yourself
from these threats, as well as
how SECU protects you
Russian Cyber Gang
In August of 2014 there have been reports that a Russian cyber gang has successfully attacked at least 420,000 websites to obtain online credentials (email address and
password). They used tools to find websites that were vulnerable to specific type of attack called a SQL injection. The Credit Union’s websites are not vulnerable to a
Here is a short list of measures that should be taken to protect your overall online identity.
- Do not use the same User ID and password combination at multiple websites.
- Change User IDs and passwords frequently. Change security questions on a regular basis. On Member Access visit the 'Services' tab to update all of these.
- Setup complex User IDs and passwords.
- Sign up for real-time security alerts. Visit the 'Alerts' tab in Member Access.
- Do not click on links in emails that are from unknown sources.
- Be sure to have security protection on your personal computer. This should include a firewall, anti-virus and anti-malware. Set your software to automatically
update virus definitions and rules.
The Credit Union spends millions annually on security. We have active, real-time, 24-7 monitoring of the network security. Online security is a priority and the Credit Union
continues to enhance and evolve its security posture as new threats emerge.
Online Threat - Heartbleed Bug
In April 2014, news reports raised concerns about a "bug" that could affect Internet websites which use Open SSL, software often used to secure data. It was determined that
the Credit Union does not use the version of Open SSL that is vulnerable to this attack; however, many websites were affected. It is suggested that you change your passwords
frequently and do not use the same password at multiple sites. You may also want to verify that the other secure website(s) you are using are protected against the Heartbleed
Malware, derived from the words "malicious" and "software", is used by criminals to damage your computer system without your
knowledge. Malware includes all types of unwanted software such as computer viruses, worms, trojan horses, spyware and adware. This software can
create a pathway for criminals to gain personal information. If you are a victim of Malware, you will need to clean and secure all computers at your
If you are a victim of Malware, then you should follow the steps below:
- Update your data definition file
- Scan computer with an Anti-Virus program
- Scan computer with an Anti-Trojan program
- Scan computer with an Anti-Spyware/Adware program
- Run Window Update on your computer
- Install a Firewall program
- If applicable secure your wireless network
Text Messaging Fraud
Messaging fraud is the newest type of scam where members receive a fraudulent message on their phone. "Smishing" uses cell phone text messages to get you to divulge your
personal information. The latest scam is to send a text that is titled ‘fraudulent activity on your debit card’. The message may include a website address, a
number to text a response or a phone number to call. The scammer will then try to get you to provide information such as social security number, card number and CVV2
information. The message will give the appearance that immediate attention is needed.
If you are a victim of Messaging Fraud, then you should follow the steps below:
- Do NOT reply to the message in any form
- Forward the message to firstname.lastname@example.org so it can be researched
- Delete the message
Email fraud, or "phishing", involves emails that appear to be from a legitimate source, but are a criminal attempt
at obtaining personal and/or account information. Phishing emails will often provide a website link that will direct
you to a fake website. It will prompt you to enter your personal information. Don't be fooled! The site will look
almost identical to the legitimate one. It is important to remember that State Employees' Credit Union never requests
personal information via email, as email is not a secure method of communication.
If you are a victim of email fraud, then you should follow the steps below:
- Do NOT click any links in or reply to a suspicious email
- Do NOT enter any requested information
- Contact the SECU Contact Center immediately at (888) 732-8562 or (919) 857-2150
- Forward the email to email@example.com
Other Online Fraud
Fraud can also occur when selling items through an online auction service. The following is a common online auction scam:
You are selling merchandise through an auction site or buy from seller site. The buyer sends you a check that is more than the asking price. You contact the buyer
to let him/her know of the error. The buyer apologizes for the mistake and states they sent you the wrong check. The buyer tells you to deposit the check anyway
and wire the extra funds back to a specific account. This sounds legitimate but after the check is processed, the Credit Union discovers the check is fraudulent.
Since the member who deposits the check bears the responsibility of the check, you are notified that your account needs to be debited to cover the returned check.
If you become a victim of online auction fraud, then you should follow the steps below:
- Do NOT wire funds to anyone as reimbursement for overpayment
- Do NOT deposit or cash the check
- Contact local law enforcement
Online Threats - Search Engines
Common search engines, such as Google, Bing and Yahoo, are used to find information on the World Wide Web without knowing a specific web address. The idea of the search
engine is to locate prominent web pages based on your search criteria and display a listing of these web pages for you to select. The search engine, however, does not know
if the web pages listed in your results are legitimate or if these web pages contain suspicious activity. Though these links may not appear suspicious, you must be cautious
when selecting unknown websites and videos. Cybercriminals keep track of popular searches at any given time and create phony web pages and malicious videos based on the most
searched keywords, people and/or events. These web pages and video links, created by cybercriminals, can be one or more of the many results displayed to the user. If you
visit a fraudulent webpage or video, you may unknowingly download malware to your computer and/or the page will request personal or financial information.
A Ponzi Scheme is a fraudulent investment plan where a person or entity takes people’s money as an ‘investment’ and pays out returns from new ‘investors’.
Once the new money coming in fails to pay the prior investors the scheme collapses and most ‘investors’ lose their money (since it was paid out to other ‘investors’ as a return).
Below is an example of a Ponzi Scheme.
Rex Venture/Zeek Rewards
Voice Messaging Fraud
"Vishing" is facilitated by Voice Over Internet Phone (VoIP) to gain access to your private personal and
financial information. With this scam you receive an automated recorded message that gives you a phone number to call.
The message will give the appearance that immediate attention is needed.
If you become a victim of Voice Messaging Fraud, then you should follow the steps below:
Return to Online Security
- Do NOT respond to the message in any form
- Inform SECU or the Contact Center at (888) 732-8562 or (919) 857-2150
- Delete the message