Security Center

Fraud Alerts

Check this page regularly for information on the latest scams and be sure watch our home page for the most significant alerts. Remember, if you feel that you are a victim of any type of fraud contact our Member Service Center immediately at 800-325-0808.

Previous Alerts

• February 2010: Phishing Schemes Target Mobile Banking Customers

  A number of financial institutions, including two credit unions, have reported the distribution of bogus mobile banking applications for mobile phone platforms. The apps, which appeared on the Android Marketplace, did not contain malware but were instead aimed at the collection of customers' personal information, including passwords, account numbers, and more.

  Additional information about these fraudulent apps can be found here.

  Though these applications have been removed from the Marketplace and Affinity was not targeted, members are advised to be cautious about downloading mobile apps of this type. Affinity has not authorized the creation of any such applications - the only mobile banking platform currently available is our new mobile banking website, available on most web-enabled phones without the need to download a separate app.

  If you have any questions or concerns, or believe that you may be the victim of such an attack, please contact our Member Service Center at 800-325-0808.

• December 2009: "Zeus" Malware Infection / Identity Theft Scam

  Please be advised that there is currently a computer scam that attempts to obtain your credit and/or debit card number. The scam works via a virus infection that displays a screen calling for you to "Confirm Your Identity" when logging in to Online Banking by providing your card information.

  Click here to view an example of the fake identity confirmation screen.

  This screen is not part of Affinity's Online Banking service; it is an attempt to obtain your account information for an illegal purpose. Affinity does not use your credit/debit card information for identity confirmation.

  If you have any questions or concerns, or believe that you may be the victim of such an attack, please contact our Member Service Center at 800-325-0808.

• November, 2009: Intuit Online Payroll Phishing Attempt

  A phishing scam is underway that is using emails designed to appear as if they were sent from Intuit. The message asks that Intuit Online Payroll customers click on a link to activate an "extra verification process."

  These emails are not from Intuit. The scam is designed to trick recipients into clicking a link in the fraudulent email for the purpose of acquiring sensitive data, such as passwords or financial information. Intuit has included a Payroll in-product communication warning users to ignore this fraudulent email.

  If you have any questions or concerns, or believe that you may be the victim of such an attack, please contact our Member Service Center at 800-325-0808.

• November, 2009: NACHA/ACH Transaction Phishing Attack

  We have recently learned that a falsified email is currently circulating with a subject line that reads, "Rejected ACH Transaction." The email has been designed so that it appears to be coming from NACHA - The Electronic Payments Association, and claims to be alerting recipients to a problem with an ACH transaction they have originated. The message includes a link which directs the individual to a fake web page that appears to be the NACHA website, where they may pick up a virus or other malware.

  If you receive an email of this type, do not click on any of the links and delete it immediately.

  If you have any questions or concerns, or believe that you may be the victim of such an attack, please contact our Member Service Center at 800-325-0808.

• October, 2009: Potential Text Message/Vishing Attack

  It has been reported that random New York metro area consumers have been targeted with a fake "warning" via text message that says their debit cards have been closed or otherwise compromised. Consumers are directed to call 845-765-9464, where they hear a recording that asks them to submit their 16-digit card number and PIN. This information is collected for the purpose of account or identity theft.

  This is a fraudulent message, and members are urged to not call the number or surrender their card numbers and/or PIN to anyone. The phone number is expected to be out of service soon. In the meantime, if you have received a similar message or suspect fraud of any kind, contact our Member Service Center at 800-325-0808.

• September, 2009: Intuit Phishing Scam

  We have been notified that a new phishing scam where individuals receive an email that appears to come from Intuit advise recipients to update account information by clicking a link that goes to a fraudulent web site. Intuit did not send this email. Intuit does not use emails to request personal information or update security tools. A copy of the e-mail is below for your information.

  Click here to see an example of the fraudulent email claiming to be from Intuit.

  The information submitted via this scam is then collected for possible account or identity theft. This email is not from the Intuit - it is a phishing attempt. Anyone receiving this email should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose, and should not follow the instructions in the message.

• July, 2009: IRS Phishing Scam

  We have been notified that a new phishing scam where individuals receive an email that appears to come from the IRS promising a stimulus refund. This bogus email goes on in a bit of detail and gives direction to provide bank account information in order to receive your refund - this is a scam! Do not click on any links or provide any personal information, including your account information.

  Click here to see an example of the fraudulent email claiming to be from IRS.

  The information submitted via this scam is then collected for possible account or identity theft. This email is not from the Internal Revenue Service - it is a phishing attempt. Anyone receiving this email should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose, and should not follow the instructions in the message.

• May, 2009: Phishing Scam Targeting Online Banking Users

  Affinity Federal Credit Union’s name and logo are being distributed randomly via email in attempts to obtain personal account information and passwords. Affinity Federal Credit Union did not send this email. Never respond to emails that appear to be official Affinity Federal Credit Union messages asking for personal information. Affinity Federal Credit Union would not directly contact credit union members and never ask for personal account information.

  Click here to see an example of the fraudulent email claiming to be from Affinity Federal Credit Union.

  Report Phishing
  If you received this email or other suspicious communications, please delete it. If you responded to this scheme, immediately notify our Information Security Unit at 908.860.3722. Affinity Federal Credit Union is working with law enforcement to shut down the fraudulent Web pages for your protection. Internet Explorer 7 accurately flags the website as a phishing website.

  We're Protecting Your Identity
  Be assured that your security is a top priority. Affinity Federal Credit Union employs multiple layers of security for your online banking protection. Account number and password is not enough information alone for a thief to access your online banking information. We also identify your computer and use "challenge questions."

  The NCUA provides a downloadable brochure specifically for credit union members, which includes tips on how to combat electronic identify theft.

• March, 2009: Malware Targeting Online Banking Users

  We have been notified that a new version of malware is now targeting online banking end users, and in particular users of business or corporate banking websites. Once the infection is present, the malware attempts to trick users by popping up fraudulent login screens for the purpose of acquiring sensitive data such as usernames, passwords, challenge questions, token challenge numbers and other information.

  Since the malware primarily uses false login windows to capture information, business or corporate banking users should be advised to report any strange corporate or business banking login windows, or anything that looks different on a login window. These could be signs that the user's computer has been affected by the malware. As a general precaution, users should also close all other browser sessions and tabs before logging into a banking session.

  Your information remains secure. Anyone being prompted by a pop-up login screen should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose, and should not follow the instructions in the window.

• February, 2009: Text Message Scam Alert

  We have recently been made aware of a new form of scam targeting credit union members via text message. "Smishing", as it's called, happens when an ID Thief sends a test message to an unsuspecting person hoping they will respond with personal information. An example of a message is

  "Dear Credit union customer, we regret to inform you that we had to lock your bank account access. Call (number) to restore your bank account".

  Your information remains secure. Anyone receiving this or similar text messages should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose, and should not follow the instructions in the message.

• December, 2008: Deceptive Home Loan Letter

  We have recently been made aware of a letter that has circulated to a number of Affinity members regarding their Affinity Home Loan. The letter claims to be from the "Loan Processing Department" and advises recipients that "your home loan with Affinity FCU has gone under review." It then goes on to claim that the recipient can "freeze" their mortgage, lower their monthly payments, and defer payments on loans "restructured" in December for two months.

  Members should be aware that this letter was not issued by Affinity Federal Credit Union, and is an attempt to deceive members and lure their home loans to another financial institution.

• September 2008: Digital Insight Phishing Scam

  Credit union members have recently been targeted by a scam email claming to be from one of our partners, Digital Insight, or from financial institutions. The most common example of the scam that has been found has a subject line that reads, "Attention - Important Customer Information," and includes the following text:

  As a [Name of Financial Institution] customer, your privacy and security is a primary task for us. We have been dedicated to customer safety and protection and our mission remains as strong as ever. We inform you that your Net Banking account is about to expire. It is strongly recommended to update it immediately. Update form is located here: [LINK]

  The information submitted via this scam is then collected for possible account or identity theft. This email is not from Digital Insight - it is a phishing attempt. Moreover, neither our nor our partners' systems have been breached. Your information remains secure. Anyone receiving this email should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose, and should not follow the instructions in the message.

• August, 2008: Fake Fraud Alert "Vishing" Attempt

  Members should be on the lookout for fake fraud alert email messages requesting that they call an 800-number regarding account activity. The message, purportedly from the Credit Union National Association (CUNA), reads as follows:

  Dear CardHolder,
  
  This is not a promotional e-mail. Please call us immediately at 1-(800) ***-**** regarding recent activity on your account. We're available 24/7 to take your call.
  
  Please disregard this e-mail if you've already call us since the date this e-mail was sent.
  
  We appreciate your prompt attention to this matter.
  
  Thank you
   Fraud Prevention Security Department

  This message is not from CUNA; CUNA does not contact credit union members directly. Rather, it is a "vishing" (voice-phishing) attempt designed to obtain personal and/or account information for an illegal purpose. Affinity members who receive this email should not call the phone number it contains or follow any other instructions.

• July, 2008: Digital Insight Phishing Scam

  Credit union members have recently been targeted by a scam email claming to be from one of our partner organizations, Digital Insight. The message appears to come from an official Digital Insight source, such as "Digital Insight Customer Care" or "Digital Insight Administration," and contains the following text:

  Dear Administrator,
  
  We inform you that your account is about to expire. It is strongly recommended to update it immediately. Update form is located here. However, failure to confirm your records may result in account suspension

  This message is not from Digital Insight. Anyone receiving this email delete it immediately, and should not follow the instructions in the message.

• July, 2008: Counterfeit Cashier's Checks

  Affinity Federal Credit Union has recently been advised that a group out of Canada has been counterfeiting Cashier's Checks. The checks are being sent to a variety of individuals across the country, accompanied by a letter and associated with an Insider Mystery Shopping program.

  Persons receiving an Affinity Federal Credit Union cashier's check accompanied by a similar letter are encouraged to contact us at 800-325-0808, ext. 3911 or ext. 3949.

• July, 2008: NAFCU Member Satisfaction Survey Phishing Email

  We have recently learned of a new phishing scam targeting credit union members. The scam uses an email that claims to be from the National Association of Federal Credit Unions (NAFCU), requesting that members complete a satisfaction survey in exchange for an $80 credit to their account. The message has a subject line of "Member Satisfaction Survey" and the beginning of the message reads as follows:

  Congratulations!
  
  You have been selected by NAFCU: National Association of Federal Credit Unions Online Department to take part in our quick and easy reward survey.
  In return we will credit $80 to your account - Just for your time!
  
  Helping us better understand how our members feel, benefits everyone.
  With the information collected we can decide to direct a number of changes to improve and expand our services.
  The information you provide us is all non-sensitive and anonymous. No part of it is handed down to any third party groups.
  It will be stored in our secure database for maximum of 3 days while we process the results of this nationwide survey.
  
  [Rest of message removed]

  This message is not from NAFCU; it is a fraudulent attempt to obtain account information for an illegal purpose. Affinity members who receive this email should not click on the link contained in the message or follow any of the instructions.

• April, 2008: New Phishing Scam Targets CEOs through Fake Subpoenas

  We have just become aware of a targeted "spear-phishing" scam directed specifically to CEOs and top executives by way of sending fake subpoenas from the U.S. court system. Spear-phishing scams include personal information in their attack emails which look like believable messages. This causes the victim to trust the email and click for more information leaving the door open to be victimized.

  The U.S. court systems DO NOT send subpoenas via email unless you are already involved in a legal matter. If you receive an email claiming to come from a U.S. district court we urge you to call the court yourself before clicking on anything in the email you receive. Click here to read the alert posted on the U.S. Courts website warning readers about this scam.

• March, 2008: CUNA "Security System" Phishing Email

  The latest phishing attack targeting credit union members consists of an email alert that claims to come from the Credit Union National Association (CUNA). The message subject reads "Security Notification," and, ironically, contains text informing members that their card accounts have been de-activated due to "numerous fraudulent emails." In a twist on traditional phishing attacks, the message then asks that members contact them by phone to re-activate their accounts.

  Anyone who receives this email should consider it to be an attempt to obtain confidential account information for an illegal purpose, and should not follow the instructions contained in the message.

• February, 2008: NCUA "Credit Union Profile" Phishing Scam

  We have recently learned of another phishing scam targeting credit union members, once again using an email that purports to be from the National Credit Union Administration (NCUA). The subject line of this new message reads "Important Notice Regarding your Credit Union Profile," while the message text asks that members submit a "verification" form online within 48 hours to confirm their information for security reasons. The beginning of the message reads:

  Dear Credit Union member,
  
  You have received this email because you or someone had used your account from different locations. For security purpose, we are required to open an investigation into this matter.
  
  In order to safeguard your account, we require that you confirm your online banking details.

  This email represents a fraudulent attempt to obtain personal account information. The NCUA does not require any type of account validation, and neither they nor Affinity will ever ask for your personal information via email. Affinity Federal Credit Union members who receive this email should not follow the instructions in the message.

• February, 2008: IRS Warns of Tax-Filing Scams

  Several email and telephone scams using the IRS name have surfaced recently, some of which may be directed at credit union members. One scam claims to make available an advance payment on rebate checks - emails direct users to access a refund claim form, while telephone scams request the member's account information. Other scams include a fake audit notification email (informing members they are being audited, and requesting personal information), while others direct users to click on links to download information about changes to tax laws.

  These efforts constitute a fraudulent attempt to obtain account information for an illegal purpose. Neither the IRS nor Affinity will ever ask for personal or account information via email. Additionally, with respect to the rebate check scam, the economic stimulus package that would authorize these payments has not yet been enacted. Affinity members who receive these emails should not follow their instructions.

• January, 2008: NCUA "Last Warning" Debit Card Phishing Attempt

  Another phishing scam targeting credit union members has surfaced. This latest email message claims to be from the National Credit Union Administration (NCUA), and describes a supposed database error that affects members' debit cards. The message then instructs members to contact the NCUA via telephone, asking that they "follow the steps" in the phone menu to correct the problem and restore the "valability" of their debit card.

  This email and the phone numbers provided are part of a fraudulent attempt to obtain account information for an illegal purpose. The NCUA does not require any type of account validation for any reason, and neither they nor Affinity will ever ask for your personal information via email. Affinity Federal Credit Union members who receive this message should not follow its instructions.

• January, 2008: "ILWU Credit Union" Phishing Attempt

  A new phishing attempt has been found, this time consisting of a message that claims to be from "ILWU Credit Union." The message informs the user that their account is suspended, and requests that they call in to have their account restored. The text of the message is as follows:

  Dear Customer,
  
  This is a message from ILWU Credit Union. Because we have registrated to many frauds we suspended your account.
  To reactivate please call back at total free number: 501-429-4617 Please note the total free number: 501-429-4617
  
  Copyright © ILWU Credit Union Security Department

  This message is not from Affinity; it is a fraudulent attempt to obtain account information for an illegal purpose. Affinity members who receive this email should not follow the instructions contained in the message.

• January, 2008: "Credit Union" Phishing Attempt

  It has come to our attention that credit union members have begun receiving an email message seeking account information under the guise of providing more secure service. This message comes from "Credit Union" with a subject line of "Security Issues," and begins with the following text:

  Credit Union is constantly working to ensure security by regularly screening the accounts in our system. We recently reviewed your account, and we need more information to help us provide you with secure service. Until we can collect this information, your access to sensitive account features will be limited. We would like to restore your access as soon as possible, and we apologize for the inconvenience.

  This message is not from Affinity; it is a fraudulent attempt to obtain account information for an illegal purpose. Affinity members who receive this email should not follow the instructions or click on any of the links contained in the message.

Get information on other threats and much more about keeping your identity safe, courtesy of Identity Theft 911^TM!

Back to Top