Security Awareness

In the ever-evolving world of financial services, it is critical to stay vigilant and informed about the latest scams targeting financial institutions and unsuspecting individuals.  ETPCU is devoted to keeping you informed and empowered so that our credit union and our members are protected.


In the past 6-9 months, Cybercriminals have developed new strategies for luring users in order to profit financially.  The FBI and local law enforcement have been putting a lot of effort into stopping these frauds as soon as they appear. Fraudsters employ a variety of strategies including malicious mobile applications – such as those containing QR codes and SIM swapping. They have been employing AI-powered frauds to mimic well-known voices during phone conversations. Impersonating websites that seem authentic to trick users into thinking they are communicating with a reliable source. All these scams are just a few of the many that have become more deceptive and widespread in the recent weeks; some have appeared on the phones and email accounts of East Texas individuals, claiming to be from numerous nearby banks and credit unions. 

Digital fraud attempts against financial institutions are at an all-time high. According to TransUnion’s global online fraud trends analysis, the financial services industry is the second most targeted industry behind telecommunications. We want to stay proactive to keep our credit union and members safe.  

In general, if you or any of our members, happen to receive a questionable phone call or message, whether via text message or by email. DO NOT RESPOND (take a screenshot to investigate and report it) and then, delete it immediately.

The following are some important pointers to safeguard both our membership and yourself against these new scammers:

  • Be careful with your mobile phone.  Do not respond to unsolicited requests (of any kind):  Do not provide personally identifiable information including your social security number, PIN, account number, driver license number, or passwords.
  • Do not click on unknown email attachments or links:  Never reply to unsolicited emails or click on the email's attachments or links until you have verified that the request is legitimate. If you clicked on any of these, you may want to run an antivirus scan to check for malware.
  • Take a screenshot: If you or a member believes that an email or text could be a phishing scam, you can forward a screenshot of the message along with any additional information in question to out IT department so we can review and investigate it. Members could also report the message to the Federal Trade Commission at ReportFraud.FTC.gov , then, it can be deleted it.
  • Be skeptical when someone contacts you: If you suspect a phone call is a phishing scam, hang up immediately, verify it’s the correct person by calling the individual back from an official company phone number. 
  • Do not confirm details over texts, email or the phone: Be wary of any payment obligations that appear dubious.  If anyone asks to confirm, verify or update your account, credit card or billing information it could be a scam.
  • Change your passwords: If you suspect someone else has accessed one of your accounts, change your password.
  • Lock down your credit: You have the right to request free fraud alerts and security freezes to be added to your credit reports for free by contacting the credit bureaus if you are concerned about identity theft.  




























 





















Over the last 48 hours, cyber criminals have been selling a new phishing kit (V3B) that has been targeting users of 54 major financial institutions in Europe, with the United States likely to be the next target.

A phishing kit is a set of software tools and materials that cybercriminals use to carry out phishing attacks. These kits make it easier for attackers to trick users into disclosing sensitive information by simplifying the process of establishing and administering phishing campaigns. Phishing usually consists of an email that forces the victim to reply quickly and a landing page (often a false login page from a well-known provider such as Office 365 or Google) where sensitive login details are gathered. Cybersecurity experts at Resecurity discovered this new phishing kit that is swiftly gaining popularity among cybercriminals since it cost between $100 and $500 a month, depending on the feature bundle purchased. The developers advertised it on Telegram, and the group swiftly swelled to over 1,250 members.

The introduction of this phishing kit represents a big step forward in phishing-as-a-service (PhaaS) platforms, providing advanced tools to support cybercrime. Phishing kits, such as V3B, can be used not only to get banking credentials and credit card information, but also to assist larger-scale intrusions. Furthermore, it will allow Cyber criminals with a real-time interaction feature, enabling tailored phishing attempts such as acquiring one-time passwords (OTPs) and, increasing the kit's efficiency in evading detection and committing cybercrimes. This ability to avoid detection by anti-phishing methods increases the likelihood of successful phishing assaults and account hacks, which can potentially result in significant financial losses and compromising personal information for financial institutions and account holders.