Security

Security lock on a keyboard

Fraud Alerts

Phone Scams

August 8, 2014

A few members have received calls from organizations posing as SAC Federal Credit Union, asking for account information including debit or credit card numbers. SAC FCU would never request to verify this information over the phone. Thank you.

Svpeng Virus

July 1, 2014

Recent news reports have raised concerns regarding the Trojan “Svpeng” virus potentially putting mobile banking users at risk. SAC FCU is aware of this new virus threat and there is no evidence showing that our systems are being targeted. We are working closely with our vendors to ensure that our mobile banking environment remains safe.

What is Svpeng?

The U.S. version of this Trojan has acted as ransomware, locking Android devices it infects under the pretext of supposed criminal activity by the user.

Who is affected?

This virus can potentially affect ANY Android device, regardless of any apps running or installed.

What can I do?

While an antivirus software is a good place to start to protect your Android device or your computer, it won’t protect either device from every attack. The Google Play Store provides these tips to prevent infection:

  • Users should never install an app unless they specifically tried to install it themselves directly from the Google Play store, and should be especially cautious about installing apps based on links in emails, SMS messages, etc. Even if an app looks like a commonly used program, it could be a digital wolf-in-sheep’s-clothing. If a user is prompted to install an app, it is generally recommended that they don’t immediately install, but instead look up the app on Google Play, download it there, and then continue.
  • The Google Play store is the safest place to download Android apps, and the only place where our mobile banking apps are officially offered to Android users. Alternative app stores do not necessarily have the security standards used by Google and there have been incidents in other countries where a malware-infected version of a mobile app was put on alternative app stores and downloaded by unsuspecting users.
  • It is especially important that the average Android user never allow an app to activate the “device administrator” feature of their mobile device.
  • Users should back up their devices regularly so that in the event of infection, they will not lose all of their data.

Where can I learn more?

Additional information about the “Svpeng” virus can be found by visiting any of these sites:

  • http://www.securelist.com/en/blog/8227/Latest_version_of_Svpeng_targets_users_in_US
  • http://www.securelist.com/en/blog/8138
  • http://www.americanbanker.com/issues/179_114/first-major-mobile-banking-security-threat-hits-the-us-1068100-1.html

Heartbleed Vulnerability

April 15, 2014

SAC Federal Credit Union has conducted reviews of our systems, including conversations with key third-party vendors, and verified that our systems and our members’ data are not at risk.

What is Heartbleed?

Heartbleed is a vulnerability of certain versions of OpenSSL, a security standard encrypting communications between users and servers provided by a variety of online services. According to McAfee, “The mistake makes it viable for hackers to extract data from massive databases containing user names, passwords and other sensitive information.”

Is my information at SAC FCU vulnerable?

No, your information at SAC FCU is safe and secure. SAC FCU and its website were not affected, including SAC FCU’s online banking, the SAC Mobile Access iPhone and Android app, web-based mobile banking, and text banking.

What should I do?

This is a great time to review your online security. SAC FCU advises not to use passwords on more than one site – if you are using the same password on multiple sites, follow these steps:

  1. Use a site checker like McAfee’s to see if the sites you use are open to vulnerability from Heartbleed. If the site is still vulnerable, wait until the site is updated and no longer vulnerable to change your password.
  2. If the site isn’t vulnerable, create a strong password for each site. This guide from Mozilla.org has great advice on how to create a strong password, including steps for customizing a password for different sites that’s still easy for you to remember. Even if you don’t use the same password on multiple sites, it’s still a good practice to change passwords periodically.

An online test site I used says SAC FCU might be vulnerable to Heartbleed. Is it?

No. While a portion of SAC FCU’s online domains use OpenSSL, the versions used were not affected by Heartbleed. We have taken steps to ensure our systems and data are secure, and are continuing to take steps to limit the risks associated with Heartbleed.

What if my information was vulnerable through another site?

If you do find yourself a victim of identity theft, whether through the Heartbleed vulnerability or another attack, don’t despair. Start with our blog post “The road to recovery: What to do when your identity is stolen” and download our Essential ID Theft Checklist to get back on track.

SCAM ALERT

October 10, 2013

Safeguard yourself from fraudulent activity, especially text messages that are from an unknown source. SAC Federal Credit Union does not use text messages to handle security questions regarding your account. If you receive a text message and are unsure of its validity, call or visit any SAC Federal Credit Union branch and speak to a representative.

Be aware of phishing scams advising you to check your credit score due to a security concern. If you have received an email or had a pop-up message while browsing advising you to do this, be aware that this is a scam.  These messages did not originate from SAC Federal Credit Union. It appears to be a phishing scam that is attempting to gain access to your personal data. DO NOT open, click on any links or respond to these requests. If it is an email, delete it from your computer. If it is a pop-up window, you should run an anti-virus/anti-malware scan on your computer immediately.

Protect Your MasterCard Debit Card

A national retailer recently experienced a security breach of their credit card data. Protect your card in the future by enrolling in the free MasterCard Secure Code program. This program adds a personal password to your debit card so only you can use the card for online purchases. It’s easy and safe.


Identity Theft Identity Theft

Laptop Phishing

ATM ATM Safety