The Latest Security Threats & Scams

Whether you are contacted by mail, phone or email, it is not Texans' practice to contact members unsolicited and ask for personal or financial information. If you are contacted by an entity claiming to be Texans who is requesting this type of information, do not respond and contact Texans immediately at 800.843.5295.

For information on the latest scams, read the postings below.


August 2014 - Phishing Scam - Email Concerning Money Transfer

We're aware of a potential phishing campaign that may impact our online banking users. Emails are being sent randomly using a spoofed email address (support@digitalinsight.com) - these emails are not legitimate communications. Attached to the email is a zip file containing a malicious executable file that looks like a PDF document, which when opened infects the user's computer with malware.

Sample fraudulent email:
Incoming Transactions Report
An incoming money transfer has been received by your financial institution and the funds deposited to account.
Initiated By: Fiserv Inc.
Initiated Date & Time: Fri, 15 Aug 2014 23:00:11 +0700
Batch ID: 976
Please view the attached file to review the transaction details.

How can I protect myself against phishing scams?
We encourage all members to employ security best practices to mitigate phishing and malware threats like this.

  • Do not open emails or attachments, or click on links within emails from unknown senders or unsolicited requests
  • Install an antivirus program on your personal computer and mobile device and keep it updated
  • Perform regular backups of data
  • Do not view or share personal information over a public wi-fi network

July 2014 - Clickjacking and Emmental

On July 28, a security alert was released discussing “Clickjacking” and “Emmental.” Please note: This possible security breach is a global problem that could impact any online banking site and any device. It is not exclusive to Texans Credit Union or our online banking provider.
 
Clickjacking
Clickjacking is a type of phishing attack that begins by tricking users into clicking a malicious link. Once this malicious link has been visited, it allows a malicious user to overlay malicious clickable links over valid websites without the user’s knowledge to obtain confidential information.
Clickjacking capabilities include:

  • Redirecting users to malicious sites designed to look like valid websites
  • Stealing personal banking information
  • Capturing user input, including passwords
  • Stealing contact information and pictures

Is online banking safe?
Yes – our online banking provider has completed a thorough investigation and has concluded that the Clickjacking attack does not affect online banking, bill pay or mobile banking.
 
Emmental
Emmental is a malware attack that redirects internet traffic to malicious servers.  The attack is two-fold beginning by opening a malicious file; when the file is opened, it makes changes to a user’s computer.  The attack then attempts to have the user install “secure token generator” malware on their Android or Apple mobile device when they next visit a valid banking site.
The “Secure Token Generator” malware when installed will then gain access to read text messages in an attempt to capture codes that are sent by some banking sites that are used as secondary security measures to protect against unauthorized access to banking information.
 
How can I protect myself against threats like Clickjacking and Emmental?
We encourage all members to employ security best practices, including:

  • Installing an antivirus app and keeping it updated
  • Only install apps from official Google Play or Apple App Store.
  • Reading the permissions requested by every application before installing
  • Performing regular backup of data stored in Android/Apple devices
  • Protecting devices with a password

June 2014 - Svpeng and Dyreza Malware

On June 20, a security alert announced two recently-discovered vulnerabilities called Sypeng and Dyreza.
Please note: This possible security breach is a global problem that could impact any online banking site and any Android device. It is not exclusive to Texans Credit Union or our online banking provider.

Sypeng
Svpeng is a malware for Android devices. Svpeng searches for specific mobile banking apps on your device, then locks the device and demands money to unlock it. In the United States, Svpeng breaks into a mobile device through a social engineering campaign using text messages. Svpeng capabilities include:

  • Spoofing legitimate banking applications
  • Stealing personal banking information
  • Capturing user input, including passwords
  • Sending SMS messages to premium numbers without user’s knowledge resulting in charges
  • Stealing SMS messages
  • Stealing contact information and pictures
  • Tracking user location

Dyreza
Dyreza is a malware that redirects traffic to malicious servers. Dyreza is spread through spam email messages such as "Your FED TAX payment ID [random number]" and "RE: Invoice #[random number].” These messages contain a “.zip” file often hosted on legitimate domains to minimize suspicion. Opening this file infects the computer with the malware. Dyrezea views unencrypted web traffic in the Internet Explorer, Chrome and Firefox browsers and captures your credentials by sending you to malicious servers, while you think you are securely connected to your financial institution’s legitimate website.

Is my iPhone vulnerable to Svpeng and Dyreza? iPhones and Android devices use different operating systems. Svpeng specifically targets the Android operating system. Dyreza does not target mobile devices; it exploits Internet Explorer, Chrome and Firefox browsers.

Is online banking safe? Yes – our online banking provider has completed a thorough investigation and has concluded that the Dyreza vulnerability does not affect online banking, bill pay or mobile banking.

How can I protect myself against threats like Svpeng and Dyreza? We encourage all members uphold security best practices including the following:

  • Installing an antivirus app and keeping it updated
  • Avoiding installing Android apps from third-party websites or unreliable sources
  • Reading the permissions requested by every application before installing
  • Performing regular backup of data stored in Android devices
  • Protecting devices with a password
  • Not viewing or sharing personal information over a public Wi-Fi network

June 2014 - PF Chang's Bistro Card Compromise

We are aware of the card compromise that PF Chang's Bistro reported on June 9. According to the statement provided on the company's website, they are working with the Secret Service and card processors to determine what specifically was compromised. They are currently reporting only card numbers have been compromised, no personal data. View the full security compromise update notice and FAQs.

As a Texans member, your debit card is regularly monitored by our card processor for fraudulent transactions, with an especially close monitoring team currently assigned to the cards used at PF Chang's Bistro during the compromise period. If you notice any suspicious activity on your account, please contact our Fraud Department at 972.348.2000 immediately.


April 2014 - Microsoft Internet Explorer Vulnerability

On April 26, 2014, Microsoft revealed a vulnerability, called Zero-day Vulnerability, in all versions of Internet Explorer that is being used in "limited, targeted attacks." All versions of Internet Explorer from 6 through 11 are listed as vulnerable. Texans has determined that the vulnerability does not affect online banking, bill pay or mobile banking.
 
If you do use Internet Explorer, we recommend you use another browser for the time being. If you are interested in learning more, please read Microsoft's Security Advisory.

How is this vulnerability exploited?
An attack could be triggered by luring visitors to a specially crafted web page (much like a phishing attack). In other words, a user needs to visit a malicious page to be attacked.
 
Technical Information
The attack leverages a previously unknown "use after free" vulnerability -- data corruption that occurs after memory has been released -- and bypasses both Windows DEP (data execution prevention) and ASLR (address space layout randomization) protections.
 
Is there a patch for this vulnerability?
Microsoft has not yet published a patch for this vulnerability but some antivirus companies, such as Symantec, already have signatures to protect against this new threat. Microsoft also states that versions of the Enhanced Mitigation Experience Toolkit (EMET) 4.1 and above - a free Microsoft tool - can mitigate this vulnerability in Internet Explorer. This toolkit can be downloaded at http://www.microsoft.com/en-us/download/details.aspx?id=41138.


April 2014 - Heartbleed Bug

Learn about the Heartbleed vulnerability and how Texans and online banking are protected.


October 2013 - SMSing Scam - Text Message from Texans CU

Some members have received a text message that claims to be from Texans CU. In the message, it asks for the member's debit card and/or account number. If you receive a similar message, please do not call or text the number back, and do not visit any links given. The number may direct you to the Texans CU call center, leading you to believe the text message is legitimate. However, Texans CU would never contact you via text message and ask for your personal information. This is a phishing scam in the form of a text message (known as SMSishing). You can contact our Fraud Department at 972.348.2000 to verify your card and accounts are safe.


October 2013 - Mystery Shopper Scam

A Texas credit union has recently learned that a scammer is using its name as part of a mystery shopping scam. A number of consumers across the country received an unsolicited offer via email informing them that they could earn a specific dollar amount per week working as a "secrety shopper." Those that responded were informed they would receive a packet in the mail with additional information, including survey instructions, an evaluation form, and an authentic-looking cashier's check supposedly from a credit union in the amount of $2,070. The shopping assignments included an evaluation of Wells Fargo and Western Union.

The cashier's checks that are provided are counterfeit checks. Please be advised that legitimate mystery shop companies do not pay participants in advance. Myster shoppers are normally paid after they complete an assignment. Please be aware of any unsolicited opportunities that you receive. You can always call the institution that is supposedly paying for the assignment to verify the legitimacy of the offer.


July 2013 - Phishing Scam - Phone Call from Texans CU

An automated call states "Fraud alert from Texans Credit Union 888-997-1234". The recorded message goes onto say, "You account has been frozen due to fraudulent activity. To unlock it, please respond to this call...", at which time the automated operator will ask for your 16-digit account or debit card number.

Texans CU Members: If you have received this call and responded with your card or account number, please contact our Fraud Department immediately at 972.348.2000.

Non-Texans CU Members:
If you have received this call and responded with your card or account number, please call your financial institution immediately to report it.


May 2013 - SMSing Scam - Text Message from Texans CU

Some members have received a text message from an out-of-area phone number, 330-754-3399, that claims to be Texans CU. In the message, it states that the member's debit card has been suspended and the member needs to visit a website to reinstate the card - the website in one instance was listed as http://abc4c.divli.com/activate, but can be vary for different members. If you receive a similar message, please do not call or text the number back, and do not visit the website link given. Texans CU would not contact you via text message or ask you to re-activate your card through a site like this. This is a phishing scam in the form of a text message (known as SMSishing). You can contact our Fraud Department for verification that your card and accounts are safe - 972-348-2000.


May 2013 - SMSing Scam - Text Message from Texans CU

Members have reported receiving a text message that claims their debit and/or credit card has been deactivated. If you receive such a text message (see below) claiming to be from Texans CU, do not respond or call the number listed. This is a phishing scam in the form of a text message (known as SMSishing). You can contact our Fraud Department for verification that your card and accounts are safe - 972-348-2000.

Texans Credit Union Alert: Your Card #4761 has been temporarily deactivated. Please call Texans CU 24 hr line (570)445-5196 to reactivate.


March 2013 - Phishing Scam - Automated Phone Message from NCUA

The NCUA reports that there have been automated phone messages setup by scammers, which claim to be from NCUA and alerting members that their debit card has been deactivated. The call goes onto instruct the listener to press 1 on their phone and enter the 16-digit card number to reactivate it. This is not a call from NCUA, and if you receive such a call or message, please contact NCUA's Fraud Hotline toll-free at 1-800-827-9650.

For more information, visit the NCUA News Now page.


Cashier's Check Fraud

Genuine cashier's checks issued by a financial institution are good funds. However, counterfeit checks often look as good as real ones. Counterfeit cashier's checks have become a common method of committing fraud.

Common Scams

Each scam involving a fraudulent cashier's check may be different, but some of the more common scenarios are:

  • Selling goods – You are selling an item online. You have a buyer. The buyer sends you a cashier’s check for the price that you have agreed on, and you ship the goods to the buyer. The cashier’s check turns out to be fraudulent.
  • Excess of purchase price – This scenario is similar to the one described above. However, the buyer sends you a cashier’s check for more than the purchase price and asks you to wire some or all of the excess to a third party, often in a foreign country. The buyer may explain that this procedure allows the buyer to satisfy its obligations to you and the third party with a single check. The cashier’s check turns out to be fraudulent.
  • Unexpected windfall – You receive a letter informing you that you have the right to receive a substantial sum of money. For example, the letter may state that you have won a foreign lottery or are the beneficiary of someone’s estate. The letter will state that you have to pay a processing/transfer tax or fee before you receive the money, but a cashier’s check will be enclosed to cover that fee. The letter will ask you to deposit the cashier’s check into your account and wire the fee to a third party, often in a foreign country. The cashier’s check turns out to be fraudulent.
  • Mystery shopping – You receive a letter informing you that you have been chosen to act as a mystery shopper. The letter includes a cashier’s check, and you are told to deposit the check into your account. You are told to use a portion of the funds to purchase merchandise at designated stores, transfer a portion of the funds to a third party using a designated wire service company, and keep the remainder. The cashier’s check turns out to be fraudulent.

Other Types of Check Fraud

Scams can also be conducted with personal checks. For example, a fraudulent check may appear to be written on the account of a real person or company or be written on an account that contains insufficient funds to cover the check. Other scams involve fraudulent postal service money orders or fraudulent money orders that appear to have been issued by a financial institution.

The result of these scams is that the fraudulent check will be returned unpaid. The financial institution will then deduct the amount of the check from your account or otherwise seek repayment from you, and you will lose either the goods that you sold, the money that you sent to the third party, or both.

 

Back to Login

Texans CU Routing # 311987786
24-Hour Account Access Line: 972.348.2001 (800.843.6426)

About Us | Contact Us | Career Center | Disclosures | Fee Schedule

Equal Housing Lender Equal Housing Lender | This credit union is federally insured by the National Credit Union Administration © 2013 Texans Credit Union