Fraud

Our member's online security is of the utmost importance to us. At Granite State Credit Union, we're committed to providing members with the most up-to-date notifications and education in order to remain diligent in the protection of confidential information.

Fraud Alert: Ukrainian Relief Fraud

April 07, 2022 | Fraud Awareness and Protection

Fraud during times of national or global crisis and upheaval are common as it gives an opportunity to tug at the heartstrings of individuals with sincere intentions to donate. The crisis in Ukraine is the latest global crisis to spark fraudulent calls, texts, emails, as well as social media posts and ads across the internet.
Staying Safe

February 07, 2022 | Fraud Awareness and Protection

Though there are plenty of scams to look out for, there are also plenty of ways to stay safe. Lori Hodges, Vice President of North America Risk for Visa laid it out for us.
Missing Steps

December 27, 2021 | Fraud Awareness and Protection

What to do if you lose your wallet or purse

Losing your wallet or purse is a giant financial headache. You basically have to get on the phone and call everyone — health insurance providers, credit card companies, etc. — to get things back to normal. If you’ve lost your wallet or purse or had it stolen, here’s a look at what you should do and how to do it.
Cybersecurity Check-In: Five Ways To Be Safer Online

December 06, 2021 | Fraud Awareness and Protection

Follow these steps to protect your identity and sensitive financial information

Keeping your computers safe from cyber attacks isn’t just something governments and large industries have to worry about these days. Anyone who uses a smartphone, computer or other electronic device to send email, visit social media sites, search the internet or even pay bills online can fall victim to criminals looking to hack into your accounts to steal your passwords, identity and money.
Phishing Starts Earlier and Earlier

November 09, 2021 | Fraud Awareness and Protection

It’s only early November, but you have probably already seen Christmas trees sold in stores. This is a trend known as “seasonal creep” in which retailers start selling seasonal items in advance of the actual season. Did you know that cybercriminals also follow this trend?
Port-Out Phone Scams

October 27, 2021 | Fraud Awareness and Protection

A porting-out scam targets a person’s mobile phone number when it is being ported during a change in phone service. Scammers with your personal information can interfere during the service change and hijack the phone number.
Instagram Influencer Scams

April 20, 2021 | Fraud Awareness and Protection

As the name suggests, an influencer is someone whose opinions influence a large social media audience. While influencers usually attract sponsorships from legitimate brands, these accounts can also be used as a tool for cybercriminals.
MEMBER ALERT 2/17/2021 Phishing with Phony Loans

February 17, 2021 | Fraud Awareness and Protection

A year into the pandemic, bad guys continue to target struggling organizations. A recent example is a phishing email targeting those in the United States.
How To Protect Your Identity

January 29, 2021 | Fraud Awareness and Protection

These days almost everyone is on social media. Whether you’re sharing your #OOTD (outfit of the day) on Instagram, expressing a political opinion via Twitter, or posting a video of your kid being objectively cute on Facebook, it’s part of modern life. But could you be putting yourself at more risk than you know?
MEMBER ALERT: 1/21/2021 Exploiting the Coronavirus: Financial Assistance Scams

January 21, 2021 | Fraud Awareness and Protection

While the world continues to navigate life during a pandemic, countless families and individuals are struggling financially. In a truly malicious response to the situation, scammers are launching phishing attacks that claim to offer financial assistance to those in need.

Displaying 1-10

Cyber Security Tips

Realize that anyone is an attractive target to hackers. Don’t assume it won’t happen to you.
Practice good password management by utilizing a strong mix of characters. Don’t use the same password for multiple sites and don’t share your password with others or write it down.
Never give out login credentials over the phone, in person, or via email. This includes your user names and passwords.
Never leave your devices unattended. If you need to leave your computer, phone, or tablet for any length of time—no matter how short—lock it so no one can use it while you’re gone. If you keep sensitive information on a flash drive or external hard drive, make sure to secure it as well.
Be careful when clicking on attachments or links in email. If it’s unexpected or suspicious for any reason, don’t click on it. Double check the URL of the website the link takes you to. Attackers will often take advantage of spelling mistakes to direct you to a harmful website.
Roll the mouse pointer over a link to reveal its actual destination before clicking on it. It will display in the bottom left corner of the browser. In Microsoft Outlook it is displayed above the link.
When using public Wi-Fi, refrain from sending or receiving private information.
Use virus protection software on all computers connected to the Internet and ensure it is updated regularly. Most commercially available security software provides anti-virus, malware and firewall protection.
Keep all applications, including your operating system patched, by setting your PC to automatically install updates.
Turn off your computer or disconnect from the network when not in use. An intruder cannot attack your computer if it is turned off or disconnected from the network.
Back up your data regularly, and make sure your anti-virus software is always up to date.
Be conscientious of what you plug in to your computer. Malware can be spread through infected flash drives, external hard drives, and even smartphones.
Watch what you’re sharing on social networks. Criminals can befriend you and easily gain access to a shocking amount of information—where you go to school, where you work, when you’re on vacation—that could help them gain access to more valuable data.
Offline, be wary of social engineering, where someone attempts to gain information from you through manipulation. If someone calls or emails you asking for sensitive information, it’s okay to say no. You can always call the company directly to verify credentials before giving out any information.
Be sure to monitor your accounts for any suspicious activity. If you see something unfamiliar, it could be a sign that you’ve been compromised.
ATM, Credit, and Debit Cards or Checks should be signed as soon as they arrive and only used for transactions in a secure setting (not on unfamiliar or suspicious websites). Do not utilize the “remember my card number” options on websites and do not leave the cards out in visible, unsecured locations. Immediately report if your card goes missing or is stolen. Tamper resistant checks are available through GSCU and utilize security features such as chemically sensitive paper to deter alterations.
Statements, e-statements, bills and e-bills should be reviewed promptly upon receipt to verify that all transactions were made by authorized parties. Any transactions made by unauthorized parties should be reported to the appropriate financial institution, card issuer, or biller. Statements, bills, and transaction receipts that are to be discarded should be eliminated securely, for example by shredding, and should not be discarded in a readable form.

How to Detect Phishing or Spoofing Emails

Probably the easiest way to identify if an email is legitimate or not, is to simply hover your mouse arrow over the name in the From column. By doing so, you will be able to tell if the email is from a recognizable domain that is linked to the actual sender name. For example, an email from Match.com should typically have the from domain of “match.com” (not "motch.com" or “humbletemper.com").
Pay attention to the email in the reply field. Does it match the sender of the original email? This is similar to hovering over the From column and may help you detect a phishing attempt.
Are the URLs legitimate? Similar to hovering over certain parts of the email, another place to check would be any URLs the email is trying to direct you to visit. Always make sure the link is legitimate and uses encryption (https://). However, it is a recommended best practice to always open a new window and go to the site directly without using the email link provided in an email.
A common practice of many hackers is the use of misspelled words on purpose. While it may seem that would easily reveal an illegitimate email, it is actually a tactic used to find less savvy users. Spammers have learned that if they get a response from a poorly written email, they have found an easy target and will focus their efforts to gain access to that user's information.
Most legitimate messages will be written with HTML and will be a mix of text and images. A poorly constructed phishing email may be missing images, including the company’s logo. If the email is plain text and looks different than what you’re used to seeing from that sender, go with your gut feeling and delete the message.
A common practice of many spammers is using an image for the message body. Make sure the email is a mix of text and images. Also, if there are embedded links, hover over them within the image for an extra step of precaution.
One tactic that is commonly used by hackers is to alert you that you must provide and/or update your personal information about an account (e.g., Social Security number, bank account details, account password). Phishers will use this tactic to drive urgency for someone to click on a malicious URL or download an attachment aiming to infect the user’s computer or steal their information.
Is this new email the first time your bank has sent you an attachment? Most financial institutions or retailers will not send out attachments via email, so be careful about opening any from senders or messages that seem suspicious. High risk attachments file types include: .exe, .scr, .zip, .com, .bat.
If an email seems too good to be true, it most likely is. Be cautious with any message offering to place money into your bank account by simply “clicking here”. If the content places any kind of urgency, such as prompts saying “you must click into your account now”, it is most likely a scam and should be marked as “junk”.
If you notice that your email address is being identified as the From address, this is a sign of a fake email message. You should also be cautious if the "To" field reflects a large list of recipients. Legitimate emails will be sent directly to you and you only. You may see “undisclosed recipients” and this is something to keep an eye on as well. It could be a valid send, but double check by using the other tips identified above.

Contact Member Services if you experience any of the following scenarios:

If you receive an email alert regarding a wire, ACH, or bill pay transactions you did not initiate;
If you receive an email alert regarding a change of password or email address you did not create;
If the login screen looks different or has unusual fields or prompts. GSCU will notify members prior to any changes.

ATM Skimming

Criminals attach a card-skimming device to an ATM or payment processing terminal to steal card information. This can be done with skimmers that read the magnetic strip or computer chip on the card, small cameras to record finger movement when entering passwords, electronic equipment directly installed into the ATM or payment terminal, or an overlay device on top of the keyboard area to record PINs.

Machines in public areas such as airports, gas stations, or stores are the most vulnerable.

How to protect yourself:

Check all ATMs and other card-reading devices before use.
Use ATMs inside buildings or in high-traffic areas that are harder to target.
Opt for credit (or use your debit card as credit) to prevent access to you PIN.
If an ATM looks suspicious, don’t use it. Report it to the bank or police.
Monitor your accounts and check you bank statement regularly. Report any suspicious activity to your bank and/or card company.

Definitions

Malware – software that is intended to damage or disable computers and computer systems

Social Engineering – the act of obtaining, or attempting to obtain, secure data by conning an individual into revealing secure information

Firewall Protection – software programs designed to protect a network by preventing unauthorized users from gaining access or by monitoring transfers of information to and from the network

Anti-virus Protection – computer software used to prevent, detect, and remove malicious computer viruses

Hacker – a person who uses computers to gain unauthorized access to data

Virus – a piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data

Fraud

Our member's online security is of the utmost importance to us. At Granite State Credit Union, we're committed to providing members with the most up-to-date notifications and education in order to remain diligent in the protection of confidential information.

Fraud Alert: Ukrainian Relief Fraud

Staying Safe

Missing Steps

Cybersecurity Check-In: Five Ways To Be Safer Online

Phishing Starts Earlier and Earlier

Port-Out Phone Scams

Instagram Influencer Scams

MEMBER ALERT 2/17/2021 Phishing with Phony Loans

How To Protect Your Identity

MEMBER ALERT: 1/21/2021 Exploiting the Coronavirus: Financial Assistance Scams

Cyber Security Tips

How to Detect Phishing or Spoofing Emails

Contact Member Services if you experience any of the following scenarios:

ATM Skimming

Definitions