Whether you are contacted by mail, phone or email, it is not Texans' practice to contact members unsolicited and ask for personal or financial information. If you are contacted by an entity claiming to be Texans and requesting this type of information, do not respond and contact Texans immediately at 800.843.5295.
For information on the latest scams, read the postings below.
We're aware of a potential phishing campaign that may impact our online banking users. Emails are being sent randomly using a spoofed email address (firstname.lastname@example.org) - these emails are not legitimate communications. Attached to the email is a zip file containing a malicious executable file that looks like a PDF document, which when opened infects the user's computer with malware.
Sample fraudulent email:
Incoming Transactions Report
An incoming money transfer has been received by your financial institution and the funds deposited to account.
Initiated By: Fiserv Inc.
Initiated Date & Time: Fri, 15 Aug 2014 23:00:11 +0700
Batch ID: 976
Please view the attached file to review the transaction details.
How can I protect myself against phishing scams?
We encourage all members to employ security best practices to mitigate phishing and malware threats like this.
On July 28, a security alert was released discussing “Clickjacking” and “Emmental.” Please note: This possible security breach is a global problem that could impact any online banking site and any device. It is not exclusive to Texans Credit Union or our online banking provider.
Clickjacking is a type of phishing attack that begins by tricking users into clicking a malicious link. Once the link has been visited, it allows an attacker to overlay malicious clickable links over valid websites without the user’s knowledge in order to obtain confidential information.
Clickjacking capabilities include:
Is online banking safe?
Yes – our online banking provider has completed a thorough investigation and has concluded that the Clickjacking attack does not affect online banking, bill pay or mobile banking.
Emmental is a malware attack that redirects internet traffic to malicious servers. The attack is two-fold: it begins when the user opens a malicious file, which makes changes to the user’s computer. The attack then attempts to have the user install “secure token generator” malware on their Android or Apple mobile device when they next visit a valid banking site.
Once installed, the “Secure Token Generator” malware gains access to read text messages in an attempt to capture the codes that some banking sites send as a secondary security measure to protect against unauthorized access to banking information.
How can I protect myself against threats like Clickjacking and Emmental?
We encourage all members to employ security best practices, including:
On June 20, a security alert announced two recently-discovered vulnerabilities called Svpeng and Dyreza.
Please note: This possible security breach is a global problem that could impact any online banking site and any Android device. It is not exclusive to Texans Credit Union or our online banking provider.
Svpeng is a malware for Android devices. Svpeng searches for specific mobile banking apps on your device, then locks the device and demands money to unlock it. In the United States, Svpeng breaks into a mobile device through a social engineering campaign using text messages. Svpeng capabilities include:
Dyreza is a malware that redirects traffic to malicious servers. Dyreza is spread through spam email messages such as "Your FED TAX payment ID [random number]" and "RE: Invoice #[random number]." These messages contain a “.zip” file often hosted on legitimate domains to minimize suspicion. Opening this file infects the computer with the malware. Dyreza views unencrypted web traffic in the Internet Explorer, Chrome and Firefox browsers and captures your credentials by sending you to malicious servers, while you think you are securely connected to your financial institution’s legitimate website.
Is my iPhone vulnerable to Svpeng and Dyreza? iPhones and Android devices use different operating systems. Svpeng specifically targets the Android operating system. Dyreza does not target mobile devices; it exploits Internet Explorer, Chrome and Firefox browsers.
Is online banking safe? Yes – our online banking provider has completed a thorough investigation and has concluded that the Dyreza vulnerability does not affect online banking, bill pay or mobile banking.
How can I protect myself against threats like Svpeng and Dyreza? We encourage all members to uphold security best practices, including the following:
We are aware of the card compromise that PF Chang's Bistro reported on June 9. According to the statement provided on the company's website, they are working with the Secret Service and card processors to determine what specifically was compromised. They are currently reporting only card numbers have been compromised, no personal data. View the full security compromise update notice and FAQs.
As a Texans member, your debit card is regularly monitored by our card processor for fraudulent transactions, with an especially close monitoring team currently assigned to the cards used at PF Chang's Bistro during the compromise period. If you notice any suspicious activity on your account, please contact our Fraud Department at 972.348.2000 immediately.
On April 26, 2014, Microsoft revealed a zero-day vulnerability in all versions of Internet Explorer that is being used in "limited, targeted attacks." All versions of Internet Explorer from 6 through 11 are listed as vulnerable. Texans has determined that the vulnerability does not affect online banking, bill pay or mobile banking.
If you do use Internet Explorer, we recommend you use another browser for the time being. If you are interested in learning more, please read Microsoft's Security Advisory.
How is this vulnerability exploited?
An attack could be triggered by luring visitors to a specially crafted web page (much like a phishing attack). In other words, a user needs to visit a malicious page to be attacked.
The attack leverages a previously unknown "use after free" vulnerability (a flaw in which a program continues to use memory after it has been released, corrupting data) and bypasses both Windows DEP (data execution prevention) and ASLR (address space layout randomization) protections.
Is there a patch for this vulnerability?
Microsoft has not yet published a patch for this vulnerability but some antivirus companies, such as Symantec, already have signatures to protect against this new threat. Microsoft also states that versions of the Enhanced Mitigation Experience Toolkit (EMET) 4.1 and above - a free Microsoft tool - can mitigate this vulnerability in Internet Explorer. This toolkit can be downloaded at http://www.microsoft.com/en-us/download/details.aspx?id=41138.
Some members have received a text message that claims to be from Texans CU. The message asks for the member's debit card and/or account number. If you receive a similar message, please do not call or text the number back, and do not visit any links given. The number may direct you to the Texans CU call center, leading you to believe the text message is legitimate. However, Texans CU would never contact you via text message and ask for your personal information. This is a phishing scam in the form of a text message (known as SMSishing). You can contact our Fraud Department at 972.348.2000 to verify your card and accounts are safe.
A Texas credit union has recently learned that a scammer is using its name as part of a mystery shopping scam. A number of consumers across the country received an unsolicited offer via email informing them that they could earn a specific dollar amount per week working as a "secret shopper." Those who responded were informed they would receive a packet in the mail with additional information, including survey instructions, an evaluation form, and an authentic-looking cashier's check supposedly from a credit union in the amount of $2,070. The shopping assignments included an evaluation of Wells Fargo and Western Union.
The cashier's checks that are provided are counterfeit checks. Please be advised that legitimate mystery shop companies do not pay participants in advance. Mystery shoppers are normally paid after they complete an assignment. Please be aware of any unsolicited opportunities that you receive. You can always call the institution that is supposedly paying for the assignment to verify the legitimacy of the offer.
An automated call states "Fraud alert from Texans Credit Union 888-997-1234". The recorded message goes on to say, "You account has been frozen due to fraudulent activity. To unlock it, please respond to this call...", at which time the automated operator will ask for your 16-digit account or debit card number.
Texans CU Members: If you have received this call and responded with your card or account number, please contact our Fraud Department immediately at 972.348.2000.
Non-Texans CU Members: If you have received this call and responded with your card or account number, please call your financial institution immediately to report it.
Some members have received a text message from an out-of-area phone number, 330-754-3399, that claims to be Texans CU. The message states that the member's debit card has been suspended and the member needs to visit a website to reinstate the card - the website in one instance was listed as http://abc4c.divli.com/activate, but can vary for different members. If you receive a similar message, please do not call or text the number back, and do not visit the website link given. Texans CU would not contact you via text message or ask you to re-activate your card through a site like this. This is a phishing scam in the form of a text message (known as SMSishing). You can contact our Fraud Department for verification that your card and accounts are safe - 972-348-2000.
Members have reported receiving a text message that claims their debit and/or credit card has been deactivated. If you receive such a text message (see below) claiming to be from Texans CU, do not respond or call the number listed. This is a phishing scam in the form of a text message (known as SMSishing). You can contact our Fraud Department for verification that your card and accounts are safe - 972-348-2000.
The NCUA reports that scammers have set up automated phone messages that claim to be from NCUA and alert members that their debit card has been deactivated. The call goes on to instruct the listener to press 1 on their phone and enter the 16-digit card number to reactivate it. This is not a call from NCUA, and if you receive such a call or message, please contact NCUA's Fraud Hotline toll-free at 1-800-827-9650.
For more information, visit the NCUA News Now page.
Genuine cashier's checks issued by a financial institution are good funds. However, counterfeit checks often look as good as real ones. Counterfeit cashier's checks have become a common method of committing fraud.
Each scam involving a fraudulent cashier's check may be different, but some of the more common scenarios are:
Scams can also be conducted with personal checks. For example, a fraudulent check may appear to be written on the account of a real person or company or be written on an account that contains insufficient funds to cover the check. Other scams involve fraudulent postal service money orders or fraudulent money orders that appear to have been issued by a financial institution.
The result of these scams is that the fraudulent check will be returned unpaid. The financial institution will then deduct the amount of the check from your account or otherwise seek repayment from you, and you will lose either the goods that you sold, the money that you sent to the third party, or both.