There are a number of peer-to-peer payment apps, also known as P2P, available to make it easy to transfer funds from one person to another. These are a few of the most popular:

• Venmo
• Cash App
• Paypal Friends and Family
• Square Cash
• Zelle 
• Facebook Messenger
• Apple Pay
• Google Pay

P2P is similar to using cash, without actually touching the money. You take funds from an account where you have money and transfer it to another person. Because it’s easy, and because you don’t have to be physically present to make the transaction, this convenience becomes a breeding ground for scams. 

The most common types of P2P scams occur with online ads for merchandise, tickets to concerts and sporting events, puppy scams, fake check scams, and romance scams. What’s common among them is that they claim making a P2P payment is the only option to get the item or service.

Important things you should know about P2P transactions:

• The application is only responsible for transferring of funds. The company backing the application is not responsible for the merchandise.
• These purchases are not able to be disputed, you are fully responsible for any loss you may incur.

Tips to protect yourself:

• Don’t use P2P to purchase products 
  If an online retailer requires payment via a P2P payment service, it’s probably a scam.
• Double check the address, username or phone number of the person you are trying to send money 
  If you make a mistake and send the money to the wrong person, it can be very difficult, or even impossible, to get the money back. If you’re worried you may have the wrong person, send a small amount first to confirm that your intended recipient received it.
• Opt-in for stronger security 
  Almost every popular P2P platform offers the ability to create a personal identification number (PIN). Once that PIN is created, it will be required before any money can be transferred. This extra layer of security protects your money should your phone fall into the wrong hands.
• Send money only to people you know 
  Many peer-to-peer transactions are irreversible, a fact scammers know and exploit.
• Don’t use P2P services for business purposes
  Most of the P2P apps have terms of service which prohibit commercial use, such as using the P2P service to get paid for selling goods or services.

Big events bring out scammers. Here’s what to be aware of going into Super Bowl Weekend:

Summary: One of the most-anticipated sporting events of the year is almost here. Like any popular event, the Super Bowl can be a fertile breeding ground for various malicious actors looking to scam you out of your hard-earned money or your personal data. A wide variety of scams targets both spectators who are watching from the comfort of their living rooms and those cheering for their teams in the stadium. Here are some ways you can tackle security offenses that may be targeted against you.

The Big Three!

• Streaming from unverified sites
• Tickets from unofficial sources
• Special apps and hotspots

Read more on how to protect yourself here: Don’t get sacked!

Beware the false sense of urgency many phishing attacks cause.

The ongoing PayPal attack sends emails camouflaged as ‘unusual activity’ alerts warning you of suspicious logins from unknown devices. This campaign attempts to gather all your credentials and financial info. The newest phishing attack and how it works is explained here.
The following information is taken from the linked site.

PayPal lists the following signs you can look for to identify phishing messages easier:

• Impersonal, generic greetings are used; such as “Dear user” or “Dear [your email address]”
• Asks you to click on links that take you to a fake website
• Contains unknown attachments
• Conveys a false sense of urgency
• “Your account is about to be suspended,” “You’ve been paid,” or “You have been paid too much” warnings

Customers who have spotted a phishing message in their inbox posing as an official email sent by PayPal are asked to report it as soon as possible by forwarding it spoof@paypal.com and to delete it as soon as possible.

As always, the safest way to get to a site is to write the address of the site manually in the web browser or use a previously created bookmark if available to avoid being redirected to sites designed to collect your info or infect your computer with malware.

Having an often used website store your credit card information was a nice feature for a short time. Putting your credit card information into someone else’s hands makes a very attractive target for skimmers. Please consider removing your credit card information on retail sites to help prevent having your card info compromised.

The following information is an excerpt from an in-depth article on the October data breach at Macy’s.

Stored credit card information is now a target

Until now, one common aspect of almost all web skimming attacks was that they targeted the checkout processes because that’s where shoppers input their payment information. Injecting malicious code into a single page instead of the entire website, like is the case with other web-based malware, decreases the chances of the compromise being discovered, but on the other hand, it gave defenders a specific place to monitor and look for web skimming code.

The hackers who compromised Macys.com realized that there are multiple areas in an online shop where users can input card information and not targeting them as well is a wasted opportunity. One of such places is the wallet – an account section where users can configure payment cards to be used without manually inputting them in the future.

The problem is that when displayed in their wallet or when selecting an already stored payment card during checkout, the card numbers are usually masked by the websites and most digits are replaced by asterisks. To overcome this problem, the Magecart skimmer used on Macys.com was designed to hook into the wallet functions that handle editing, adding or removing payment cards.

“The ability for attackers to skim the Macy’s wallet page is a momentous development for web skimming,” the RiskIQ researchers said. “For the longest time, having stored payment information was an effective way of avoiding skimming attacks. The attackers targeting Macy’s took this as a challenge and made their skimmer multifaceted. It is not just a skimmer for a checkout process; it is a skimmer for valuable information, wherever it may be.”

Most people only think of credit card skimmers being a physical device. The article linked here Credit Card Skimmers Found in Counterfeit Shoe Store Pages shows how they’ve been found as software code on sites selling counterfeit designer shoes. The article gets detailed on how this works. If you’re just interested in how to protect your card, the article provides these guidelines:

Here are some tips on how to reduce the risks associated with online shopping:

• Make sure that your computer is malware-free and running the latest patches. Leverage a security product that offers web protection.
• If you are shopping on a site for the first time, check that it looks maintained. While this does not replace a thorough security scan, seeing notes such as “Copyright 2015” may indicate that the website is not really being looked after.
• Minimize how often you enter your credit card data by relying on other payment methods instead. For example, large reliable online retailers, such as Amazon already have your payment details archived into your account. Other safe methods include Apply Pay or prepaid Visa or Mastercards.
• Check your bank/credit card statements regularly to identify potentially fraudulent charges.
• Help prevent further attacks by reporting any fraudulent activity (especially if you were victim) to law enforcement authorities.

It’s human nature to use the shortcuts provided to us. The criminal element is getting better at recognizing that and using it to their advantage.

One of the best things you can do when going to a site where you need to identify yourself, is to type out the URL. Avoid clicking on links in an email or text messages.

If it isn’t already second nature, start building the habit of looking at the URL critically before clicking on a link. Hovering your mouse cursor over a link should show you where the link will take you.

• For the ELGA site, is ELGA spelled correctly?
• Is it where you thought you were going?

Remember: the official URL for the main ELGA website is www.ELGACU.com

If there is anything about the link that feels off to you, don’t click the link and don’t input information about yourself on the site.

Remember that your identity and personal information is valuable and there are those who will try and trick you. Don’t give them the chance.

There appears to be a new phishing attack that uses a spoofed address from JHA (Jack Henry).

A spoofed address means that the sender is forging an
email address usually to pretend it’s from a trusted resource.

This attack includes a zip file that could include ransomware. The current reports say that the email references “Your Online Electricity Bill” but this could change as the attack continues. It could use any common bill payee.

Please use caution when opening any email attachment, especially those that you aren’t expecting. When possible, always go directly to a website to log in and don’t use links inside of emails, which can subtly misdirect you.

Our team discovered something about using the ELGACU.com website on Chrome. There’s a limit to how much you can decrease the size of our page before some of the elements wrap and cause the page to look really messy.

This is how it might appear:

If you’ve used the + or – keys to decrease the size, sometimes it doesn’t resize properly after that.

But the fix is super simple!

To tidy up the page again, just reset it by clicking on the magnifying glass in the address bar and choosing Reset.

This will reset the page to full size and clear up any formatting issues you might see.

Email threats of ransomware up their game

There is a new Ransomware attack called Goldeneye and it packs a double punch.  It not only encrypts your files but also your Master File Table (MFT).  The attack has two attachments, a PDF document and an Excel spreadsheet.  The PDF file is a social engineering attempt to get you to open the Excel spreadsheet which pulls down the malware to infect your workstation.  In this case the bad guys don’t ask that you enable macros (a clear red flag that has been communicated in multiple Cybersecurity updates) but will encourage you to change your Microsoft Office settings to a setting that will enable the embedded macros to run.  At that point Goldeneye is downloaded and launched and your files and file system become unusable.

In related news:
Ransomware….with payment options!  Some ransomware is now being delivered with the option to pay for the key to unlock your files with bitcoin or the option to pass the infected files to two additional people.  Why?  Because everyone is being taught to be cautious of e-mails from senders you don’t know but not people you do know, or might be expecting something from. Question every email. Email is, and will continue to be, the number one way to deliver malware to your computer.  

Stay alert and question attachments in email from both known and unknown senders.

The screen shots below will alert you to Goldeneye ransomware.

If you suspect that you have been infected with ransomware and your computer is part of a network, remove the infected computer from the network immediately. From another computer or mobile device, do a web search using the phrase I might have ransomware, what do I do now? and look for articles that are less than 6 months old and from a reputable source (i.e.: Microsoft, Sophos, PCWorld) for instructions on what do to next.

Members are reporting that they are receiving a Credit Union Alert text message. The message gives instructions to call a number.  An automated message requests them to input their full card number to reactivated and then press “1”.

Please ignore any such text message. ELGA Credit Union will never employ this type of system where you would be asked to input your card number, account number or social security number from a text message or automated call.

If you ever are in doubt of what you are being asked to do in regards to giving out your information, please call our Member Support line (810) 715-3542.