In our continuing efforts to keep your accounts secure, we’ve improved our alert system for potential fraud.

Here’s how it works:

1. When potential fraud is detected, you will receive an automatic email notification from ELGA Credit Union, with the option to reply with “fraud” or “no fraud.”
2. One minute after the email, you will receive a text alert from 32874 between 7am and 9pm, which also has the “fraud” or “no fraud” option. (*SEE BELOW)
3. If there is no response received from you, five minutes after the text alert, you will receive automatic phone calls to confirm or deny fraud.

Remember – our messages will never ask for your PIN or account number.

*The phone number for our Fraud Center has changed to 1-800-417-4592. If you add this number to your phone contacts and label it “ELGA Fraud Center,” it will display whenever you get a call from this number.

Please take this time to update your phone number and email with us to ensure you are getting these important fraud messages.

The news is reporting another email hack, this time effecting Gmail, Yahoo, and Hotmail. If you use any of these services, you should change your password now.

Here are a couple of tips to keep your important online accounts safer:

• If your email provides a multi factor authentication option, consider using it.
• Keep your email passwords different from your other passwords.
  • Hackers can use your email password to attempt to access other services you use. The thought process is that if you use that password for email, you might also use the same password for accessing your financial accounts.
• Change your passwords!
  • Set up a schedule and change your passwords a few times a year. The benefit of keeping your information protected is worth the temporary inconvenience.
• Don’t reuse old passwords.
  • Modifying a password slightly is more secure than reusing old passwords.

The latest trend in computer viruses is ransomware. Ransomware is fraudulent activity that attempts to take over your computer and blackmail you for cash to release it. All of the virus protection software is reporting an increase in the number of attacks. Here are some things to help keep your computers from falling prey to these criminals:

1. Keep your virus protection software updated. If you don’t use virus protection on your computers, you should start.
   • If you can configure your email server, block attachments with the following extensions: .exe, .vbs, .scr.  If you need to get files with these extensions from a reputable source, ask the sender to zip the files first.
2. Back up your most important files regularly. 
   • Keep copies of your backups somewhere other than on your computer.
3. Be suspicious of all emails that have attachments. 
   • Phishing attempts are emails the pretend to be notifications from delivery services, financial institutions, law enforcement, major retailers offering big dollar savings, and even the IRS. Don’t open attachments unless you were expecting to receive them.
   • Do not enable macros or content when opening files unless you know the source and reason for them.
4. Train yourself to think twice before clicking on a link sent to you in email, text, or on social networks.
   • These links can even come from people you know who have had their accounts hacked or emails stolen. Hover your mouse over the link to see if it looks suspicious.
5. Keep your operating system and browsers up to date.
6. Use a good pop up blocker and only let through trusted sources.
   • ELGA’s XpressLink needs you to allow pop ups for www.elgacu.com. We will never send you messages this way, but it is required to see the login box.
7.  Make sure that you share these tips with everyone that uses your computer.

ELGA has contracted with Digital Defense Inc. to bring our members a wealth of FREE training, education and awareness modules concerning your digital safety. The content is designed for quick, informative reading full of useful tips. Take a look at the topics that are included:

• Online Shopping
• ATM Safety
• Banking Myths
• Home Firewalls
• Home Computer Tips
• Secure Transactions
• Online Fraud
• Passwords
• Viruses/Worms
• Trojans & Spyware
• Child Safety Online
• Wireless Security
• Keylogging
• Vishing
• Botnets
• Old Computer Disposal
• Social Networking Online
• VoIP Security
• Social Media Dangers
• Identity Theft Prevention

You can access this information here:    It’s FREE and we don’t ask for identifying information.

We’ve also put it under the link at the top of our Alerts Page under Web Security so that you can find it any time!

We hope you’ll take advantage of this valuable resource.

Please use caution when selling items via Craigslist or other means where a face-to-face transaction is not required, as there has been an increase recently in transactions via these channels. For instance, if you have posted an item for sale on Craigslist, you may receive an email or text from an unknown person who expresses a desire to buy your item. Through whatever means, they propose the exchange of funds via a means which will not require a meeting in person, and most often offer to mail you a cashier check for payment.

Quite often, the check received will exceed the amount of the sale price, and the scammer offers some explanation for the excess balance, and ‘trusts you’ to wire the overage back to them. However, once you negotiate the fake check, when the check fails to clear you will be held responsible. You have wired the scammer good funds from your own account, but are now responsible for the full amount of the fake check that you negotiated.

So, the old adage is true ~  If it seems too good to be true, it probably is!

Card Cracking has been in the local news recently and it’s becoming more common place in our local colleges and university and it’s a problem.

Here is a good explanation of card-cracking from Wells-Fargo:

You see a post on social media (primarily Facebook, Twitter, and Instagram) about making quick and easy money. The scammer will ask you for your debit card and Personal Identification Number (PIN) in order to deposit a check into your account. In exchange for your information, the scammer promises you a portion of the funds being deposited. After receiving your account information, the scammer deposits a fake check into your account, via ATM, mobile deposit or other method. The scammer immediately withdraws the deposited funds from your account, sometimes resulting in an overdraft. They may then direct you to report a lost or stolen card to the bank and seek a reimbursement for the “stolen funds.”

Tips:

• Your participation turns you into a co-conspirator.
• If you take part in a card-cracking scam, you could lose more than just the funds in your account. It is illegal to knowingly deposit bad checks and can result in both hefty fines and criminal charges. 
• If it seems too good to be true, it usually is.
• Don’t respond to online solicitations from people you don’t know. 
• Never share your banking information with others.

Other common scams to watch for:

• Do not cash checks for strangers, no matter how compelling their story.
• Do not wire funds to people you do not know and trust well. This scam is often seen with on-line dating relationships.
• If you are informed you have won the lottery, know that legitimate lotteries pay the taxes to the government. They do not ask the winner to pay.
• Government agencies do not spontaneously award free grants. Do not pay processing fees for a grant you did not submit.
• Offers to perform minimal work from home for a lot of money are typically scams. Do not accept any work-at-home opportunities that involve processing checks or electronic payments through your personal account. This includes “mystery shoppers.”
• If you are selling an item or renting property, never accept a check for more than the purchase or rental amount. Do not return “just the difference.“
• Do not share your Internet Banking password with anyone. Do not allow anyone permission to remotely deposit a check into your account.

Always double check any offer that seems extremely good in your favor. Ask for references and numbers where you can initiate a call and verify who you are speaking with.

Remember that any of the above scams can result in you being liable for the money involved.

Be Alert and Aware at ATMs

• Use familiar, well lit ATMs whenever possible.
  If you need to use a non-ELGA ATM, make sure that it’s clear of obstructions and you know where the blind spots are located.
• Familiarize yourself with your ATM and make sure there are no signs of tampering.
  The card reader should be secure and the lights working.
• Leave immediately if you see anyone you feel is suspicious.
• Come to the ATM prepared to make your transaction quickly.
  Take your money immediately from the machine when it’s dispensed, don’t allow yourself to be distracted during your transaction.
• Don’t let anyone stand near enough to read your PIN as you enter it.
  Shield the keypad with your hand.
• Do NOT count your money at the machine, wait until you have left and are secure.
• Do NOT throw your ATM receipt away at the ATM location.
• ALWAYS make sure you have your card, your money and your receipt.
• Do NOT write your PIN on your card, or keep a record of your PIN in your wallet or purse.

Be Smart about Mobile Banking

• Make sure your devices are updated with the latest software
• Download your apps only from trusted stores (Apple App Store or Google Play)
• Make sure your device is password protected
• Do NOT send information over public Wi-Fi networks, use cellular data when using your banking app.
• Do NOT store your passwords or sensitive information on your phone.
• Check your mobile device privacy settings

Stay Safer Online

• Check Your Accounts Often to make sure they are correct.
  Report incorrect transactions immediately.
• Buy only from trusted websites. Pay attention to the URL when you enter your payment info.
  You should not enter sensitive information when the URL shows HTTP://, it should be HTTPS:// with no errors.
• Avoid clicking links on email or social media.
  Go directly to the site instead by entering the URL.
• Save all records of your online transactions.

Have a safe and wonderful 2016!

The Co-Op Financial Services team is reporting an increasing number of ATM skimming cases so far this holiday season.

ATM skimming, of course, is like identity theft for debit cards. Fraudsters use hidden electronics to steal the personal information stored on a card, and record the owner’s PIN number to access the hard-earned cash in the member’s account.

Further research by CO-OP finds that about 75 percent of the ATM skimming cases occur at off-premise ATMs.

Here are three tips to keep your money safer when  you use an ATM:

Protect Your PIN

Hidden cameras are often used to steal your PIN. Covering the keyboard as you enter your PIN is a simple way to help avoid theft. Never give your PIN to anyone. And, do not use any ATM with a card reader that appears altered.

Stay Away from Unfamiliar ATMs

The safest ATMs are those with the logo of your credit union and, of course, CO-OP ATM.

Check Your Balances Frequently

If you notice something wrong, use the contact number on the back of your debit card to report any fraudulent withdrawals.

Cyber Monday promises a ton of deals for the savvy shopper. Scammers know this and they are ready with emails to flood your inbox with false promises.

Before you click on that amazing deal you see in your inbox, make sure you’re going to a legitimate page. Do this by hovering over the link and looking at the destination URL that shows. It should take you to the main site for that business. Here are two that don’t!

Question the great deals you see to make sure you’re getting what you what from the actual business to stay safe from scams during the holidays and after!

Happy Real Deal Finding!

It’s time for another reminder to always be vigilant to avoid communicating private information via unsecured emails.

Please be aware of any e-mail that asks you to log in to your account, verify your account, or provide any other identity information. Be wary no matter what reason is given, and no matter how convincing the e-mail may be.

Follow these simple rules and you should be safe:

• Don’t click on any links within an e-mail asking you to access your account or to verify PIN numbers, passwords, or other sensitive information.
• If you get an e-mail that appears to be from ELGA Credit Union asking you to log in or for other private information, immediately contact your member services group at (810) 715-3542 and report the incident. Be prepared to forward a copy of the message to them for review if requested to do so.
• If you or someone in your family mistakenly follows a link and provides sensitive information, immediately call your financial institution so they can monitor your account and lock down accounts at risk.
• Remember, the thief copies text and images from banking websites to make the e-mails look authentic and fool people into divulging sensitive information.
• Never give out your personal or account login information after following a link from an e-mail, even as “identity verification” for a contest. Attackers frequently use such tactics to lure you into giving up identifying information.

If you need to communicate with us electronically, we recommend using the Message Center option inside of XpressLink Internet Banking or the Messages option in  the XpressLink Mobile app.

ELGA Credit Union has taken strong measures to ensure the security and safety of your account and its overall online banking system. By staying alert to potential security threats and keeping in mind the suggestions listed above, you can help us keep online banking extremely safe and secure. Follow the good practices and use the knowledge we’ve provided here, and you will be much more prepared to enjoy the conveniences of online services with peace of mind!

For more information about staying safe on the Internet, please consider visiting our Digital Defense affiliate site  to read a variety of electronic training, awareness, and education modules.