Fraud

Many scams revolve around the idea of a family emergency, often a distraught grandchild calling, to build urgency and apply pressure to victims. Frequently, these scams target senior citizens with the fraudster contacting the victim noting they’re a family member or close friend.

We have been made aware of a spoofing fraud trend that is affecting our members.

Spoofing is when a fraudster falsifies the information transmitted to your Caller ID to disguise their identity.

We have been made aware of a recent Home Warranty Mail Scam.

These mailings note that home warranties may be expiring and to take action with a phone number to renew the warranty. These mailings utilize mortgage information obtained through public records to appear more convincing. They are not associated with Granite State Credit Union.

If you have received a suspicious call or text or you believe you have been the victim of fraud, please contact GSCU immediately by calling 1-800-645-4728 or emailing us.

Cyber Security Tips

Realize that anyone is an attractive target to hackers. Don’t assume it won’t happen to you.
Practice good password management by utilizing a strong mix of characters. Don’t use the same password for multiple sites and don’t share your password with others or write it down.
Never give out login credentials over the phone, in person, or via email. This includes your user names and passwords.
Never leave your devices unattended. If you need to leave your computer, phone, or tablet for any length of time—no matter how short—lock it so no one can use it while you’re gone. If you keep sensitive information on a flash drive or external hard drive, make sure to secure it as well.
Be careful when clicking on attachments or links in email. If it’s unexpected or suspicious for any reason, don’t click on it. Double check the URL of the website the link takes you to. Attackers will often take advantage of spelling mistakes to direct you to a harmful website.
Roll the mouse pointer over a link to reveal its actual destination before clicking on it. It will display in the bottom left corner of the browser. In Microsoft Outlook it is displayed above the link.
When using public Wi-Fi, refrain from sending or receiving private information.
Use virus protection software on all computers connected to the Internet and ensure it is updated regularly. Most commercially available security software provides anti-virus, malware and firewall protection.
Keep all applications, including your operating system patched, by setting your PC to automatically install updates.
Turn off your computer or disconnect from the network when not in use. An intruder cannot attack your computer if it is turned off or disconnected from the network.
Back up your data regularly, and make sure your anti-virus software is always up to date.
Be conscientious of what you plug in to your computer. Malware can be spread through infected flash drives, external hard drives, and even smartphones.
Watch what you’re sharing on social networks. Criminals can befriend you and easily gain access to a shocking amount of information—where you go to school, where you work, when you’re on vacation—that could help them gain access to more valuable data.
Offline, be wary of social engineering, where someone attempts to gain information from you through manipulation. If someone calls or emails you asking for sensitive information, it’s okay to say no. You can always call the company directly to verify credentials before giving out any information.
Be sure to monitor your accounts for any suspicious activity. If you see something unfamiliar, it could be a sign that you’ve been compromised.
ATM, Credit, and Debit Cards or Checks should be signed as soon as they arrive and only used for transactions in a secure setting (not on unfamiliar or suspicious websites). Do not utilize the “remember my card number” options on websites and do not leave the cards out in visible, unsecured locations. Immediately report if your card goes missing or is stolen. Tamper resistant checks are available through GSCU and utilize security features such as chemically sensitive paper to deter alterations.
Statements, e-statements, bills and e-bills should be reviewed promptly upon receipt to verify that all transactions were made by authorized parties. Any transactions made by unauthorized parties should be reported to the appropriate financial institution, card issuer, or biller. Statements, bills, and transaction receipts that are to be discarded should be eliminated securely, for example by shredding, and should not be discarded in a readable form.

How to Detect Phishing or Spoofing Emails

Probably the easiest way to identify if an email is legitimate or not, is to simply hover your mouse arrow over the name in the From column. By doing so, you will be able to tell if the email is from a recognizable domain that is linked to the actual sender name. For example, an email from Match.com should typically have the from domain of “match.com” (not "motch.com" or “humbletemper.com").
Pay attention to the email in the reply field. Does it match the sender of the original email? This is similar to hovering over the From column and may help you detect a phishing attempt.
Are the URLs legitimate? Similar to hovering over certain parts of the email, another place to check would be any URLs the email is trying to direct you to visit. Always make sure the link is legitimate and uses encryption (https://). However, it is a recommended best practice to always open a new window and go to the site directly without using the email link provided in an email.
A common practice of many hackers is the use of misspelled words on purpose. While it may seem that would easily reveal an illegitimate email, it is actually a tactic used to find less savvy users. Spammers have learned that if they get a response from a poorly written email, they have found an easy target and will focus their efforts to gain access to that user's information.
Most legitimate messages will be written with HTML and will be a mix of text and images. A poorly constructed phishing email may be missing images, including the company’s logo. If the email is plain text and looks different than what you’re used to seeing from that sender, go with your gut feeling and delete the message.
A common practice of many spammers is using an image for the message body. Make sure the email is a mix of text and images. Also, if there are embedded links, hover over them within the image for an extra step of precaution.
One tactic that is commonly used by hackers is to alert you that you must provide and/or update your personal information about an account (e.g., Social Security number, bank account details, account password). Phishers will use this tactic to drive urgency for someone to click on a malicious URL or download an attachment aiming to infect the user’s computer or steal their information.
Is this new email the first time your bank has sent you an attachment? Most financial institutions or retailers will not send out attachments via email, so be careful about opening any from senders or messages that seem suspicious. High risk attachments file types include: .exe, .scr, .zip, .com, .bat.
If an email seems too good to be true, it most likely is. Be cautious with any message offering to place money into your bank account by simply “clicking here”. If the content places any kind of urgency, such as prompts saying “you must click into your account now”, it is most likely a scam and should be marked as “junk”.
If you notice that your email address is being identified as the From address, this is a sign of a fake email message. You should also be cautious if the "To" field reflects a large list of recipients. Legitimate emails will be sent directly to you and you only. You may see “undisclosed recipients” and this is something to keep an eye on as well. It could be a valid send, but double check by using the other tips identified above.

Contact Member Services if you experience any of the following scenarios:

If you receive an email alert regarding a wire, ACH, or bill pay transactions you did not initiate;
If you receive an email alert regarding a change of password or email address you did not create;
If the login screen looks different or has unusual fields or prompts. GSCU will notify members prior to any changes.

ATM Skimming

Criminals attach a card-skimming device to an ATM or payment processing terminal to steal card information. This can be done with skimmers that read the magnetic strip or computer chip on the card, small cameras to record finger movement when entering passwords, electronic equipment directly installed into the ATM or payment terminal, or an overlay device on top of the keyboard area to record PINs.

Machines in public areas such as airports, gas stations, or stores are the most vulnerable.

How to protect yourself:

Check all ATMs and other card-reading devices before use.
Use ATMs inside buildings or in high-traffic areas that are harder to target.
Opt for credit (or use your debit card as credit) to prevent access to you PIN.
If an ATM looks suspicious, don’t use it. Report it to the bank or police.
Monitor your accounts and check you bank statement regularly. Report any suspicious activity to your bank and/or card company.

Definitions

Malware – software that is intended to damage or disable computers and computer systems

Social Engineering – the act of obtaining, or attempting to obtain, secure data by conning an individual into revealing secure information

Firewall Protection – software programs designed to protect a network by preventing unauthorized users from gaining access or by monitoring transfers of information to and from the network

Anti-virus Protection – computer software used to prevent, detect, and remove malicious computer viruses

Hacker – a person who uses computers to gain unauthorized access to data

Virus – a piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data

Our member's online security is of the utmost importance to us. At Granite State Credit Union, we're committed to providing members with the most up-to-date notifications and education in order to remain diligent in the protection of confidential information.

Be Wary of Fake Family and Grandchildren Emergency Scams

MEMBER NOTICE (1/17/2023): Spoofing Fraud Trend

MEMBER NOTICE (1/9/2022): Home Warranty Mail Scam

MEMBER NOTICE (12/14/2022): Credit Union Impersonation Spoofing Fraud Alert

Watch Out

Lost and Found

False Cryptocurrency Investment Scams

Getting It Back

Callback Phishing Scams

Fraud Alert: Ukrainian Relief Fraud

Cyber Security Tips

How to Detect Phishing or Spoofing Emails

Contact Member Services if you experience any of the following scenarios:

ATM Skimming

Definitions

Closed for Federal Holiday, October 9th