With the number of scams circulating, it is always important to be on guard for the solicitor that claims he/she is from JHFCU, or even another financial institution, and requests sensitive information. Johns Hopkins Federal Credit Union will NEVER ask you to verify your sensitive JHFCU account or personal information via an unsolicited phone call, text message, or e-mail. Contact us at 410-534-4500 (or 1-800-JHFCU-70) immediately if you are asked for JHFCU account information by phone, email, text or any other suspicious manner, or if someone leaves you a message requesting information. If you are unsure, simply ask for their name (if it's by phone) and say that you will call them back at the JHFCU office. Either way, contact us if you are ever unsure of a recent communication you have had with JHFCU!
Fraud
Awareness 12-21-09
Safety tips that
reduce your exposure to fraud 10-09
Visa
Mastrcard Scam 7-2-09
Foreclosure
Scams 6-26-09
Facebook
Scam
IMPORTANT SCAM INFORMATION
If you log in to your account and a screen appears asking for
your Card Information (card number, card security code, and PIN) do NOT
enter the information. There could be a Trojan or virus on your
PC—please run a virus scan and/or have your PC checked by an IT
security expert. Also, please report the occurrence to JHFCU by calling
410-534-4500. JHFCU will NEVER ask you to provide a card number or PIN
on our website or via an email to confirm your identity, and you should
consider any request for that information to be a fraudulent phishing
attempt. (If a screen appears asking your Security Challenge questions,
that is an appropriate screen—you can choose to enroll your PC to
avoid those questions in the future).
More Information: click here
In
the past, some of our members have received fradulent e-mails claiming
to be from JHFCU. The e-mails claim that you have been locked out of your
account and want you to verify your identity, but they are really scams
trying to steal your identity. There are some indicators you can look
out for to tell whether an e-mail is from a legitimate source, like JHFCU
or the National Credit Union Administration (NCUA), or people scamming
for your personal information.
If you receive an e-mail from a seemingly legitimate organization, which may include an authentic-looking sender address and/or offical organization logos, look at it closely for the following tell-tale signs of phishing:
If you suspect the e-mail is fradulant, contact the purported sender to verify its authenticity. DO NOT respond to the e-mail or click on any of its links. The Credit Union keeps a running list of phishing e-mails that appeared to be from us, but did not actually come from JHFCU. To view these e-mails, click here. You may also read our identity theft article (PDF), which includes informaiton about phishing and ways to protect your personal information.
Get information about the availability of the Federal Trade Commission’s online guidance regarding steps to protect against identity theft.
1. What is malware?
Malware – formed from the words malicious and software
– is a general term used by computer professionals to refer to many
different kinds of computer software designed to infiltrate or damage
a computer system without the owner’s knowledge or consent. Malware
includes computer viruses, worms, trojan horses, spyware and many other
malicious and unwanted software types.
2. How can a malware infection occur?
Malware can infect a user’s computer through many paths, including
pop-up messages that ask users to download things, links in web pages
or e-mails, infected websites and many other methods that can sometimes
even be invisible to the user. Malware is often used in conjunction with
phishing scams.
3. What are the consequences of malware?
At a minimum, malware is a nuisance, sometimes displaying unwanted advertising
or using a user’s computer to send spam. At its worst, malware has
the potential to steal personal and financial information ranging from
browsing habits to e-mail address lists to online banking passwords and
even identity theft.
4. How can you protect yourself against mailware?
While there is no single fool-proof method, users should keep their anti-virus
software up to date and running and keep their operating systems and applications
updated with the latest patches from the manufacturers.
Other common suggestions include exercising extreme caution with e-mail links and attachments and using firewalls to protect information on personal computers. Also look for login windows or messages that appear strange or different, which could be signs that your computer has been affected with malware.
5. What should we do if one of our end users is affected by malware?
JHFCU cannot give specific remediation advice in connection with malware.
Just remember to remain vigilant to the risks of malware, phishing and
other suspicious activities by taking steps to minimize risk. 
First there was “phishing,” where potential thieves would try to get your personal information by sending you a fake e-mail claiming to be from a legitimate financial institution or company, like PayPal. Now scam artists have come up with a similar ruse, known as “vishing,” which is basically phishing by phone.
Vishing scams come in two varieties. The first is conducted solely by phone. A consumer is called, usually by an automated dialer, and told that the privacy of their credit card or bank account has been compromised. They are then told to call back a certain number immediately to “verify” their information.
The second type of vishing is just like the first, except that the intended victim gets an e-mail instead of a call. The message is like that of a phishing e-mail, but instead of clicking on a link, the person is asked to call a certain number.
Either way, when the consumer calls the number, they reach an automated voice response system that asks the consumer to enter things like their account number, password, birth date, and Social Security number. As the unsuspecting consumer enters the information on their keypad, the crook records their keystrokes.
If you are unsure of any call you receive from JHFCU, simply ask for their name and say that you will call them back at the JHFCU office (410-534-4500 or 1-800-JHFCU-70).
Be on the look out for text messages claiming to be from your financial institutions. These are most likely a scam. The message urges the recipient to call a number provided for information about account discrepancies and then solicits individual account information and pin numbers. Financial institutions will never alert you to a problem with your account through a text message. If you receive a text message claiming to be from a financial instituion it is most likely a scam. Do not respond to it and do not go to any websites they may direct you to.
Johns Hopkins Federal Credit Union will NEVER ask you to verify your sensitive JHFCU account or personal information via an unsolicited text message.
Along with the vulnerabilities that Microsoft patched Tuesday, the software giant's customers have a new problem to grapple with: a fake notification e-mail that looks remarkably legitimate.
Attackers are apparently taking advantage of Microsoft's Patch Tuesday to send legitimate-looking e-mails that include a Trojan virus. Trojan.Backdoor.Haxdoor allows attackers to execute files and steal information from compromised computers. The fake mailing includes a legitimate-looking PGP signature, as well as purporting to come from a real Microsoft employee.
Christopher Budd, a security program manager in the Microsoft Security Response Center, offers this perspective on the e-mails in a security posting:
We received some questions from customers about an e-mail that's circulating that claims to be a security e-mail from Microsoft. The e-mail comes with an attached executable, which it claims is the latest security update, and encourages the recipient to run the attached executable so they can be safe. While malicious e-mails posing as Microsoft security notifications with attached malware aren't new (we've seen this problem for several years) this particular one is a bit different in that it claims to be signed by our own Steve Lipner and has what appears to be a PGP signature block attached to it. While those are clever attempts to increase the credibility of the mail, I can tell you categorically that this is not a legitimate e-mail: it is a piece of malicious spam and the attachment is malware. Specifically, it contains Backdoor:Win32/Haxdoor."
Dancho Danchev at ZDNet's Zero Day ponders whether the timing of this malware campaign will affect its success rate.
"Compared to the recent targeted malware attack against U.S schools, and the massive fake CNN news items campaign taking advantage of client-side vulnerabilities, this one is definitely going to have a lower success rate--no matter the timing," Danchev writes.
Source: http://news.cnet.com/8301-1009_3-10066541-83.html; Posted by Steven Musil, (accessed 10-17-08).
Check to see if you need updates for your hardware or your devices:
Microsoft: http://www.update.microsoft.com/
