Protect the Confidentiality of Your Login ID and Password

There are three very simple steps you can take to keep your online banking account secure.

#1 – Create a unique login name that is only used for your ELGA account
#2 – Create a good, strong password
#3 – Never share the above information.

Here are additional tips you can follow to prevent unwanted access to your accounts:

• Memorizing your password is the best protection. Never store account information with your login name or password.
• Do not set your internet browser to remember your login ID and/or your password.
• Do not share your password with anyone. Sharing your password with someone else is the same as giving that individual authority to use your name in a transaction.
• Make sure you log out when you’re done using online or mobile banking. Closing the browser is a good practice after you log out.

These are 30 of the most used passwords in the world. Please don’t use any of these.

It’s a good time to check your mobile devices for upcoming subscription services that will automatically deduct money from your account. These are apps that you’ve agreed to pay a monthly or annual fee to use. It’s easy to forget they exist.

Fleeceware apps have been found on Android and Apple IoS devices. Fleeceware apps are not malicious but they do set themselves up for recurring payments, typically after you’ve accepted a trial version. Deleting the app does not always cancel the subscription.

How to cancel mobile app subscriptions

This is how to do it on iOS devices (as described in this Apple support page):

1. Open the Settings app.
2. Tap your name, then tap Subscriptions.
3. Tap the subscription that you want to manage. Don’t see the subscription that you’re looking for?
4. Choose a different subscription option, or tap Cancel Subscription. If you don’t see Cancel Subscription, the subscription is already canceled and won’t renew.

Steps needed on Android devices (based on this Google Play Store support page):

1. Open the Play Store.
2. Check if you’re signed in to the correct Google Account.
3. Tap the hamburger menu icon ​​ Subscriptions.
4. Select the subscription you want to cancel.
5. Tap Cancel subscription.
6. Follow the instructions.

Scammers are taking advantage of fears surround the Coronavirus.  The Federal Trade Commission has put together some tips to help avoid scams.  It’s important to remain diligent in protecting yourself from being taken advantage of.  

Important Tips from the Federal Trade Commission

• Hang up on robocalls. Don’t press any numbers. Scammers are using illegal robocalls to pitch everything from scam Coronavirus treatments to work-at-home schemes. The recording might say that pressing a number will let you speak to a live operator or remove you from their call list, but it might lead to more robocalls, instead.

• Ignore online offers for vaccinations and home test kits. Scammers are trying to get you to buy products that aren’t proven to treat or prevent the Coronavirus disease 2019 (COVID-19) — online or in stores. At this time, there also are no FDA-authorized home test kits for the Coronavirus. Visit the FDA to learn more.

• Fact-check information. Scammers, and sometimes well-meaning people, share information that hasn’t been verified. Before you pass on any messages, contact trusted sources. Visit What the U.S. Government is Doing for links to federal, state and local government agencies.

• Know who you’re buying from. Online sellers may claim to have in-demand products, like cleaning, household, and health and medical supplies when, in fact, they don’t.

• Don’t respond to texts and emails about checks from the government. The details are still being worked out. Anyone who tells you they can get you the money now is a scammer.

• Don’t click on links from sources you don’t know. They could download viruses onto your computer or device.

• Watch for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or experts saying they have information about the virus. For the most up-to-date information about the Coronavirus, visit the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO).

• Do your homework when it comes to donations, whether through charities or crowdfunding sites. Don’t let anyone rush you into making a donation. If someone wants donations in cash, by gift card, or by wiring money, don’t do it.

For more information visit https://www.consumer.ftc.gov/features/coronavirus-scams-what-ftc-doing. 

There are a number of peer-to-peer payment apps, also known as P2P, available to make it easy to transfer funds from one person to another. These are a few of the most popular:

• Venmo
• Cash App
• Paypal Friends and Family
• Square Cash
• Zelle 
• Facebook Messenger
• Apple Pay
• Google Pay

P2P is similar to using cash, without actually touching the money. You take funds from an account where you have money and transfer it to another person. Because it’s easy, and because you don’t have to be physically present to make the transaction, this convenience becomes a breeding ground for scams. 

The most common types of P2P scams occur with online ads for merchandise, tickets to concerts and sporting events, puppy scams, fake check scams, and romance scams. What’s common among them is that they claim making a P2P payment is the only option to get the item or service.

Important things you should know about P2P transactions:

• The application is only responsible for transferring of funds. The company backing the application is not responsible for the merchandise.
• These purchases are not able to be disputed, you are fully responsible for any loss you may incur.

Tips to protect yourself:

• Don’t use P2P to purchase products 
  If an online retailer requires payment via a P2P payment service, it’s probably a scam.
• Double check the address, username or phone number of the person you are trying to send money 
  If you make a mistake and send the money to the wrong person, it can be very difficult, or even impossible, to get the money back. If you’re worried you may have the wrong person, send a small amount first to confirm that your intended recipient received it.
• Opt-in for stronger security 
  Almost every popular P2P platform offers the ability to create a personal identification number (PIN). Once that PIN is created, it will be required before any money can be transferred. This extra layer of security protects your money should your phone fall into the wrong hands.
• Send money only to people you know 
  Many peer-to-peer transactions are irreversible, a fact scammers know and exploit.
• Don’t use P2P services for business purposes
  Most of the P2P apps have terms of service which prohibit commercial use, such as using the P2P service to get paid for selling goods or services.

Beware the false sense of urgency many phishing attacks cause.

The ongoing PayPal attack sends emails camouflaged as ‘unusual activity’ alerts warning you of suspicious logins from unknown devices. This campaign attempts to gather all your credentials and financial info. The newest phishing attack and how it works is explained here.
The following information is taken from the linked site.

PayPal lists the following signs you can look for to identify phishing messages easier:

• Impersonal, generic greetings are used; such as “Dear user” or “Dear [your email address]”
• Asks you to click on links that take you to a fake website
• Contains unknown attachments
• Conveys a false sense of urgency
• “Your account is about to be suspended,” “You’ve been paid,” or “You have been paid too much” warnings

Customers who have spotted a phishing message in their inbox posing as an official email sent by PayPal are asked to report it as soon as possible by forwarding it spoof@paypal.com and to delete it as soon as possible.

As always, the safest way to get to a site is to write the address of the site manually in the web browser or use a previously created bookmark if available to avoid being redirected to sites designed to collect your info or infect your computer with malware.

There appears to be a new phishing attack that uses a spoofed address from JHA (Jack Henry).

A spoofed address means that the sender is forging an
email address usually to pretend it’s from a trusted resource.

This attack includes a zip file that could include ransomware. The current reports say that the email references “Your Online Electricity Bill” but this could change as the attack continues. It could use any common bill payee.

Please use caution when opening any email attachment, especially those that you aren’t expecting. When possible, always go directly to a website to log in and don’t use links inside of emails, which can subtly misdirect you.

Our team discovered something about using the ELGACU.com website on Chrome. There’s a limit to how much you can decrease the size of our page before some of the elements wrap and cause the page to look really messy.

This is how it might appear:

If you’ve used the + or – keys to decrease the size, sometimes it doesn’t resize properly after that.

But the fix is super simple!

To tidy up the page again, just reset it by clicking on the magnifying glass in the address bar and choosing Reset.

This will reset the page to full size and clear up any formatting issues you might see.

In our continuing efforts to keep your accounts secure, we’ve improved our alert system for potential fraud.

Here’s how it works:

1. When potential fraud is detected, you will receive an automatic email notification from ELGA Credit Union, with the option to reply with “fraud” or “no fraud.”
2. One minute after the email, you will receive a text alert from 32874 between 7am and 9pm, which also has the “fraud” or “no fraud” option. (*SEE BELOW)
3. If there is no response received from you, five minutes after the text alert, you will receive automatic phone calls to confirm or deny fraud.

Remember – our messages will never ask for your PIN or account number.

*The phone number for our Fraud Center has changed to 1-800-417-4592. If you add this number to your phone contacts and label it “ELGA Fraud Center,” it will display whenever you get a call from this number.

Please take this time to update your phone number and email with us to ensure you are getting these important fraud messages.

The news is reporting another email hack, this time effecting Gmail, Yahoo, and Hotmail. If you use any of these services, you should change your password now.

Here are a couple of tips to keep your important online accounts safer:

• If your email provides a multi factor authentication option, consider using it.
• Keep your email passwords different from your other passwords.
  • Hackers can use your email password to attempt to access other services you use. The thought process is that if you use that password for email, you might also use the same password for accessing your financial accounts.
• Change your passwords!
  • Set up a schedule and change your passwords a few times a year. The benefit of keeping your information protected is worth the temporary inconvenience.
• Don’t reuse old passwords.
  • Modifying a password slightly is more secure than reusing old passwords.

The latest trend in computer viruses is ransomware. Ransomware is fraudulent activity that attempts to take over your computer and blackmail you for cash to release it. All of the virus protection software is reporting an increase in the number of attacks. Here are some things to help keep your computers from falling prey to these criminals:

1. Keep your virus protection software updated. If you don’t use virus protection on your computers, you should start.
   • If you can configure your email server, block attachments with the following extensions: .exe, .vbs, .scr.  If you need to get files with these extensions from a reputable source, ask the sender to zip the files first.
2. Back up your most important files regularly. 
   • Keep copies of your backups somewhere other than on your computer.
3. Be suspicious of all emails that have attachments. 
   • Phishing attempts are emails the pretend to be notifications from delivery services, financial institutions, law enforcement, major retailers offering big dollar savings, and even the IRS. Don’t open attachments unless you were expecting to receive them.
   • Do not enable macros or content when opening files unless you know the source and reason for them.
4. Train yourself to think twice before clicking on a link sent to you in email, text, or on social networks.
   • These links can even come from people you know who have had their accounts hacked or emails stolen. Hover your mouse over the link to see if it looks suspicious.
5. Keep your operating system and browsers up to date.
6. Use a good pop up blocker and only let through trusted sources.
   • ELGA’s XpressLink needs you to allow pop ups for www.elgacu.com. We will never send you messages this way, but it is required to see the login box.
7.  Make sure that you share these tips with everyone that uses your computer.