SRFCU MoneyDesktop ™ app
We’ve made the SRFCU MoneyDesktop ™ app even easier to use now! If you’ve been using it, you may have noticed the need for two separate logins. One for MoneyDesktop ™ in your online banking account, and one when using the MoneyMobile ™ app on your phone. Now, you can utilize just one set of login credentials!
Do existing MoneyMobile users need to create an “access code”?
No. “Access codes” are only intended for new mobile customers. If you are an existing MoneyMobile user that has been able to login to the application, no action is required.
How do existing MoneyMobile customers log in after the change?
After this process is implemented, existing users will open the application as usual and without any change. If you have unlinked your account, you will need to generate a new access token.
I generated an “access code” but it won’t allow me to register, what should I do?
The “access code” may have expired or the system may be currently down. Every “access code” is valid for 10 minutes from the time they were created in online banking. If you receive an “expired access code” error, please go back to online banking and generate a new code and try again.
I use multiple devices to access MoneyMobile, what should I do?
Each device will need it’s own “Access Code” generated and paired with your MoneyMobile account. Please follow the steps above for generating an access token and then enter the code from the MoneyMobile application on the device(s) you wish to work from.
Notice: Beware New Vishing Scheme
The Credit Union Association of the Dakotas recently reported that credit union members in North Dakota have received "Vishing" calls that claim to be from the NCUA, telling them that their debit card has been blocked and asking them to follow a series of telephone prompts. Even though this alert involves North and South Dakota, this kind of scam can occur anywhere and credit unions should be warning their members of this incident.
The NCUA warns consumers to beware of this telephone fraud, known as a "vishing" scheme, that is using the agency's name in an attempt to obtain personal financial information.
According to CUAD, credit union members have been contacted by an automated phone call claiming to be from the NCUA and notifying consumers their debit cards have been compromised. The call then asks the receiver to follow prompts, which request personal information, including sensitive financial data and personal identification information.
CUAD recommends that anyone contacted by this so-called "vishing" scheme should immediately contact NCUA's Consumer Assistance Center Hotline at 800-755-1030 or by email at email@example.com to report the scam. Operators answer calls Monday through Friday between 8 a.m. and 5 p.m. Eastern.
The NCUA has stated that they neither seek personal information from consumers over the telephone nor handle day-to-day maintenance of member account information.
Notice: Beware "Spear-Fishing" Attacks
FBI Indicates that Spear-Fishing Attacks are on the Increase In late June, the FBI reported that they are seeing an increase in spear-fishing attacks. The purpose of the attacks is to gain access to a computer network with the intent of creating fictitious identities and stealing personal information to steal money from unsuspecting individuals. The FBI indicates that fraudsters will send an email that contains some form of personal information of the victim that may have been previously stolen from data obtained on social networking sites, blogs or other similar websites. This personal information is used to make the communication appear legitimate with the hope of having the recipient answer questions or open a link attached to the email. This link contains malicious software used to steal account numbers, passwords and other personal financial information. The FBI identifies several tips and suggestions that should be kept in mind: · Online businesses, including credit unions and merchants will not ask for personal information, such as usernames and passwords, via e-mail. When in doubt either call the credit union / company directly or open your computer’s Internet browser and type the known website’s address. · Avoid using the telephone number contained in the e-mail, which is likely to be fraudulent as well. · Avoid following links sent in e-mails, especially when the sender is someone you do not know or appears to be from a business / credit union advising that your account information needs updated. · Keep your computer’s anti-virus software and firewalls updated. · If you believe you may have fallen victim to a spear-phishing attack, file a complaint with the FBI’s Internet Crime Complaint Center at www.ic3.gov/.
Fake pop-ups injected into online banking transactions
MADISON, Wis. (11/14/12)--The latest version of the Citadel banking Trojan malware has something malware analysts have never encountered before: a browser malware that launches fake pop-ops during online banking transactions and tricks online users into re-entering their bank and credit union account logins and passwords.
The risks for credit unions and banks, as well as their members/customers, are obvious. And it means that credit unions and others will need to offer crash courses to their members about defending themselves from the advanced Trojans (Bankinfosecurity.com Nov. 12). Otherwise, financial institutions will see even greater losses due to fraud.
The Citadel, which is an advanced mutation of the infamous Zeus Trojan malware, was discovered in "underground" forums in January. It is a key logger that steals online banking authorization credentials by capturing the computer user's keystrokes (Bankinfosecurity.com Nov. 12). The Trojan was the topic of a number of warnings to credit unions and banks in August by the Federal Bureau of Investigation (FBI) and the FBI's Internet Crime Complaint Center.
SC Taxpayers' Privacy Violated
As per The State paper and other news outlets, 3.6 million South Carolina Taxpayers' Information has been compromised. Please see the full article here. SRFCU is urging all members to read the article and to follow the steps outlined to make sure your information was not compromised.
Please click here for directions on how to handle Identify Theft.
Android Mobile Phone Malware
The Internet Crime Complaint Center (IC3) has reported that they are aware of various malware attacks against Android mobile device operating systems.
Two examples of malware that are being used by criminals are Loozfon and FinFisher.
Loozfon is one version which is a work-at-home opportunity that promises a profitable payday just for sending out e-mail. A link within these advertisements leads to a website that is designed to push Loozfon on the user’s device. The malicious application steals contact details from the user’s address book and the infected device’s phone number.
FinFisher is a spyware capable of taking over the components of a mobile device and can be transmitted to a smartphone when the user visits a specific web link or opens a text message masquerading as a system update. When installed the mobile device can be remotely controlled and monitored no matter where the Target is located.
IC3 has suggested the following safety tips to help protect your mobile device:
When purchasing a smartphone, know the features of the device, including the default settings. Turn off features of the device not needed to minimize the attack surface of the device.
Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user’s personal data in the case of loss or theft.
With the growth of the application market for mobile devices, users should look at the reviews of the developer/company who published the application.
Review and understand the permissions you are giving when you download applications.
Pass code protect your mobile device. This is the first layer of physical security to protect the contents of the device. In conjunction with the pass code, enable the screen lock feature after a few minutes of inactivity.
Obtain malware protection for your mobile device. Look for applications that specialize in antivirus or file integrity that helps protect your device from rogue applications and malware.
Be aware of applications that enable geo-location. The application will track the user’s location anywhere. This application can be used for marketing, but can also be used by malicious actors, raising concerns of assisting a possible stalker and/or burglaries.
Jailbreak or rooting is used to remove certain restrictions imposed by the device manufacturer or cell phone carrier. This allows the user nearly unregulated control over what programs can be installed and how the device can be used. However, this procedure often involves exploiting significant security vulnerabilities and increases the attack surface of the device. Anytime an application or service runs in “unrestricted” or “system” level within an operation system, it allows any compromise to take full control of the device.
Do not allow your device to connect to unknown wireless networks. These networks could be rogue access points that capture information passed between your device and a legitimate server.
If you decide to sell your device or trade it in, make sure you wipe the device (reset it to factory default) to avoid leaving personal data on the device.
Smartphones require updates to run applications and firmware. If users neglect this, it increases the risk of having their device hacked or compromised.
Avoid clicking on or otherwise downloading software or links from unknown sources.
Use the same precautions on your mobile phone as you would on your computer when using the Internet.
If you have been a victim of an Internet scam or have received an e-mail that you believe was an attempted scam, please contact the credit union immediately.
SCAM ALERT - Bogus Gift Cards
The Better Business Bureau, Wal-Mart, Target and Best Buy are company names being used to promote bogus gift cards. Be cautious if you receive an email advising that one of these vendors is promoting a give-away of Visa gift cards (usually for $1000). This email is probably a scam and fraudsters are trying to get your personal information.
How the Scam Works: People nationwide are receiving emails informing them that one of the above vendors is giving away $1,000 Visa gift cards. Emails come from a variety of email addresses and contain different links, but all use a variation of the message below:
On behalf of the (Better Business Bureau, Wal-Mart, Target, Best Buy or possibly another vendor), you have been issued a $1,000 Visa Gift Card free of charge.
Card type: Visa Gift Card
Issued to: Jim Jones
Issuing branch: San Antonio, Texas
Valid until: 08/2015
Please use the following website to claim your card and have it shipped to the address of your choosing: Go to: www reward2012 com to claim your prize. Please note that claims must be made within 48 hours from this email being sent, or the above link will become invalid.
Sincerely, Melissa Customer Service Employee Benefits Center, LLC
If you go to this web site (in the email), you will be asked to input information about your age, address, email and cell phone number. Given that the survey does not request your Social Security Number, banking information or ask you to download a malware file, it is not likely an attempt at ID theft. Rather, it’s probably an unscrupulous way to collect consumer data, such as email addresses and phone numbers.
The best advice to give if this scenario should occur is to avoid taking this offer serious and just delete the email. If you feel as though you have fallen victim to this scam or any other that has comprimised your account please contact SRFCU at 864.699.5940.