Notice: For enhanced security in Online Banking, member numbers may no longer be used as Log-in IDs. If you are still using your member number as your Log-in ID, you will be required to change it by October 24th (extended). You can change your Log-in ID by selecting 'Account Management' in Online Banking.
Never click on a link or download attachments contained in an unsolicited email.
Go to the website yourself through your browser's address bar or use a bookmark you have set earlier, and as always, think before you click.
To learn how to avoid phishing scams like these visit: www.meriwest.com/phishing
Recent Scam Alerts:
Posted on 9/29/2018:
If you’re thinking of donating money to help victims of Hurricane Florence, please do your research on the charitable entity before giving. A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on behalf of victims without much accountability for how the money will be spent.
For the past two weeks, KrebsOnSecurity has been monitoring dozens of new domain name registrations that include the terms “hurricane” and/or “florence” and some word related to support (e.g., “relief,” “assistance,” etc.). Most of these domains have remained parked or dormant since their creation earlier this month; however, several of them became active only in the past few days, directing visitors to donate money through private PayPal accounts without providing any information about who is running the site or what will be done with donated funds.
The complete KrebsOnSecurity article can be found here: https://krebsonsecurity.com/2018/09/beware-of-hurricane-florence-relief-scams/
Posted on 8/15/2018:
With cybercrime a real threat to individuals and companies it is important to note what Meriwest is doing to protect your assets.
First, we have very sophisticated systems in place that look for unusual and suspicious activity. We have a monitoring system that works for you 24/7 to allow us to mitigate activities should anything appear to be out of the ordinary. We work very closely with our vendors to make sure we are up to date on best practices with regard to fraud detection and prevention.
Secondly, we encourage all members to do their part by undertaking security precautions in managing your accounts. Those include not sharing your PIN or account access information, utilizing strong passwords for online access, establishing transaction alerts on accounts, and monitoring account activity through online or mobile banking. If you see anything out of the ordinary please contact us immediately at 877-637-4937.
Should you feel that your PIN may have been compromised at any time, you may contact our 24-hour Debit Card PIN change at 877-746-6746.
You may also contact our Fraud Prevention Service at 1-800-417-4592, for any suspected fraud on your ATM/Debit Card.
Additional recommendations and information regarding security can be found on our web site at www.meriwest.com/security.
Posted on 8/1/2018:
PayPal phishing schemes are fairly common these days. Many, or even most, of them are generic in nature. In other words, they don’t target a specific person or group. They are merely crafted in such a way that they can be sent to a large number of people at one time as spam. However, sometimes they arrive as if they could actually be from PayPal and are specific or somehow related to the recipient. This is called spear-phishing, because the attacker has some information with which he can spear his target specifically. This tactic is more likely to result in success for the phisher.
Spear-phishing campaigns are on the increase and the use of PayPal as the bait is increasing in sophistication with each new campaign. Cisco researchers have found several versions of imposter PayPal web sites that are so well done, they can trick even the most phishing-savvy person into falling for the scams behind them.
What is making it even more problematic is that these phony websites are actually legitimately registered, sometimes even with actual security certificates attached. Many, such as one of the primary ones used, redirectly-paypal.com, are registered through a site called Wix. A list of many of the other fake ones is listed here:
Unfortunately, the fake sites use the color schemes, text styles, and images from the actual PayPal site, making them nearly impossible to detect. Some have also registered with very popular and legitimate hosts, such as CyrusOne LLC, which also hosts CarFax and Dell. However, there are some ways to tell if one is trying to trick you:
Some of these phishing sites actually try to get users to enter credentials other than the ones for PayPal. A common one attempts to spoof an Apple credential verification page. However, Apple and PayPal are not related, so an Apple login page should not show up.
Another site uses Spanish language but targets English speakers. If the text is in another language, those behind it are most definitely up to no good.
It’s likely more of these sites and those using other well-known companies will be popping up in the future. If you need to verify credentials or check something in your account for any online account, go directly to a bookmarked link or type in the address manually, being careful not to make typos. Then log in there to do your sanity checks or to make changes. Don’t click on links in email messages to do this, even if you think they may be real. It’s just safer not to.
Posted on 6/13/2018:
Today’s Security Tip is brought to you by a Stickley on Security article that warns about a new Roaming Mantis malware that is being used to collect login credentials to financial accounts and other sensitive information.
What can you do?
The Article: Roaming Mantis Malware Hijacking Two-Factor Authentication from Online Banking
If you haven’t yet changed your default password on your internet router, stop right now and take a few minutes to do it. Not only is the FBI recommending this because of the recent discovery of the VPNFilter malware, but now there is more malware that can hijack that same router (and any others) and spy on users. Roaming Mantis changes the router’s DNS (domain name system or domain name service) settings to direct traffic to fake versions of legitimate sites. In this case, it uses Android devices with malicious apps installed to steal login credentials to financial accounts.
This warning goes for home and business users that have devices that connect to the Internet. Those are the ones at risk for DNS hijacking. DNS translates a website address to an IP number - it can be thought of as your computer’s phone book. That’s why it’s serious if these DNS settings are modified. If a lot of users get sent to fake websites and enter in their credentials (i.e. username and password), it’s quite a successful day for the cybercriminal.
Once a person’s DNS is overwritten, this group redirects users to malicious websites that display a pop-up message promoting a Chrome upgrade for a better browsing experience. The malware will pop up with a warning message asking you to update your Chrome version on the mobile device.
If you click OK, it will download and install a fake version of Google Chrome, then ask for various permissions including access to the device’s account details, the management of texts and phone calls, and recording and video capabilities, as well as others. If the user goes so far as to give the app appropriate permissions, another dialogue box appears stating “Account No.exists risks, use after certification.” That alone should be a big warning that something is amiss. If “Enter” is clicked, it asks for the name and birthdate associated with Gmail.
With access to the texts/SMS, it can intercept multi-factor authentication codes too. Never give apps access they don’t need. Very rarely, if ever, does an app need access to your device’s account settings or administrator password. If it asks, definitely do more research. It’s likely the app is up to no good. This one tries to trick users into entering Gmail credentials. If it gets enough information out of the user, it can potentially get access to all kinds of accounts such as social media, email, and financial accounts.
While you’re making sure your password is strong, make sure your devices are updated with the latest security patches. Hopefully, you have already done this after the FBI’s warning about VPNFilter.
Also, be sure to only download apps for all of your devices from the official stores, such as Google Play or the Apple Store. While there is never a 100% guarantee that these are free of malware, they are less likely to have it. The apps typically go through more security scrutiny before they are allowed into those stores than those that can be found on third-party sites. In this case, it is a third-party site that hosts this malicious app. Kaspersky Lab found references to South Korean mobile banking and gaming apps, as well as to a Chinese social media site, Sohu. Roaming Mantis was detected at least 6,000 times by Kaspersky. This indicates that it’s capable of spreading very quickly.
Posted on 5/24/2018:
Do you or your kids play games online using the family computer? This is just one of the many ways your computer can get infected. Many foreign-based game websites market to gamers and younger audiences, and download malicious code to your computer's registry. If you are noticing weird behavior and strange pop-ups when using your web browser, then your computer is most likely infected. If your computer is infected, then your online activity can be tracked, making you vulnerable to phishing scams which can expose your financial and personal information. Good antivirus software can catch many of these attempts, but it does not prevent all viruses and malicious code from being downloaded to your computer. As antivirus software companies try to keep up with all the new attacks, hackers are always coming up with new techniques and ways to exploit the new technologies we use every day. Be careful, and discuss with your kids the danger of visiting untrusted websites. As always, think before you click.
In the example below, malware that was downloaded from a game website (ArcadeGala) activated a new tab while a member was visiting www.meriwest.com, which prompted a fake survey that appears to be from Meriwest Credit Union but is not. Be careful not to fall for this one!
Red Flag: If the website URL does not look right, then follow your instincts.
(Image snap-shot taken by member)
Pop-up says: "Dear Meriwest Credit Union Visitor", then asks visitor to complete a survey. Do not fall for these tricks! (Image snap-shot taken by member)
Posted on 5/1/2018:
This is an oldie, but a goodie in the world of scams. When browsing the internet, users may see pop-up messages prompting them to either “click here for a free scan” or “contact xxx-xxx-xxxx to remove virus.” However, the software or "free scan" offered in these pop-up alerts often doesn't work or will actually infect a computer with the dangerous programs it is supposedly meant to protect against. Also, the phone number listed on these pop-ups will usually direct users to a scam artist who will try to sell “anti-virus protection software” and ask to take control of the user’s computer or device to complete the installation process. Once they have control though, malicious software can be installed on the victim’s device to track their activity and monitor their keystrokes. Then, the waiting game begins. Scammers will watch their victim’s activity until they sign in to their online banking account(s) and from there, they can obtain the user’s login credentials.
In some cases, if users purchase this “software” from a scammer, the scammer might contact the victim later on to advise that a virus infected their computer and they would like to issue a refund for the product purchased because they were unable to prevent the virus attack. However, these fraudsters may claim that they must be logged in to the user’s computer in order to issue the “refund credit” and request to remotely access the device. The objective with this angle is to build trust. The scam begins when they show the victim that they have “refunded” the money while being logged into their computer; however, the amount may be more (even several thousand dollars more) than the amount originally paid. These fraudsters allow the victim to see what they want them to see by manipulating their accounts, when in reality the funds were actually transferred from the victim’s own, internal account. Next, they will try to scare their target into thinking they will be taxed or in trouble with the IRS if the funds are not returned immediately. They will then pressure their target into sending the funds back in the form of a wire transfer, MoneyGram, or gift card. Watch out for these red flags. This is a scam!
How can you protect yourself?
If you have experienced any of these scams, stop using your computer immediately! Contact your financial institution(s) to notify them of the situation, review your statements for any unauthorized activity, and take your computer to a reputable computer repair service. Lastly, use increased caution in the future.
Posted on 4/13/2018:
It has come to our attention that there are phone scams going on in our area. Please be on the alert, and know that you will NEVER receive a call or e-mail from Meriwest asking you to provide your account or personal information. If this happens, please do not provide any information until you contact the credit union directly.
Posted on 1/18/2018:
One or more Meriwest Members received a fictitious letter claiming they were a winner in this sweepstakes. This letter included a fake check.
"We are pleased to inform you that you are one of the winners of the "SUPPERMARKET CUSTOMER SWEEPSTAKES RAFFLE DRAW"
The raffle entry ticket attached to your name with serial number PWG 61900 is one of the size winning tickets of the grand prize and your share of the winning is $880,000 (Eight Hundred And Eighty Thousand Dollars Only)...."
If you come across a mailing like this or a similar variation, please don't fall for it!
Posted on 12/18/2017:
After a big cyberattack, such as the data breach that hit Equifax recently, criminals frequently attempt to take advantage of the fear factor and trust customers and members have with their financial institutions. In a recent phishing campaign, discovered by Barracuda Networks, messages masquerade as legitimate and secured messages from banking institutions such as TD Commercial and Bank of America to trick people into installing malware onto their computers and devices.
In this one, an email is received that claims to be a secure message from a financial institution. Inside is one of three possible phishing lures that researchers have seen thus far:
Posted on 12/7/2018:
As you may have heard, Uber suffered a data breach a year ago in which the names, email addresses and phone numbers of 57 million customers and drivers were stolen. Uber reported that they paid off the hackers who then supposedly “deleted the data,” but that cannot be confirmed. Consequently, Uber-themed scams are to be expected.
Watch out for phishing emails related to this Uber data theft. For instance, look out for messages claiming that your "Uber account was compromised" and that you need to change your password, or anything else related to Uber that could be suspicious. Below is an example of how these messages could look:
Posted on 9/27/2017:
One or more members have reported receiving an anonymous text message requesting them to contact Meriwest. Don't fall for this scam.
Q: What is Smishing?
A: Like a “phishing” email scam, where fraudsters send an authentic-looking email to obtain personal or financial information, “smishing” messages are sent to you via SMS (text message) on your mobile phone.
Q: What is happening?
A: Members have reported receiving a text message purportedly from Meriwest Credit Union requesting a call back at an unknown phone number. THIS IS NOT A VALID MERIWEST CREDIT UNION COMMUNICATION OR PHONE NUMBER. DO NOT PROVIDE YOUR CARD INFORMATION.
The phone number is a recording which states: "Welcome to Meriwest Credit Union, for security reasons we need to verify your account. All direct deposits have been disabled until verification is complete. Please enter your 16-digit card number."
Meriwest will never contact you requesting account information. Be cautious and never reply to anonymous messages via text, phone, or email.
Q: I’m concerned that I received this text message. Was there an internal data breach?
A: That is a valid concern with all the data breaches in the news lately. However, at this point we have no reason to believe that a data breach occurred. What we know so far is that a fraudster has decided to use Meriwest Credit Union’s name to perpetrate this scheme to gather Debit card information.
Q: What information is being requested?
A: The recorded line goes on to request ALL the card information (i.e. the full 16-digit card number, expiration date, CVC security code, zip code and PIN). If this information is provided, it could be used to complete any type of transaction, such as: ATM cash withdrawals, online purchases, fill ups at the gas station pumps, you name it.
Q: What do I do if I provided my card information?
A: Contact the Credit Union to cancel the card immediately to prevent any fraudulent transactions on your account. You may visit any one of the Meriwest Financial Center locations or call us directly. We will need to know what card information was provided and may ask what phone number you received the text message from.
Posted on 9/6/2017:
Hurricane Harvey hit hard, especially in Houston, Texas, which was badly flooded, and cyber criminals are exploiting this disaster.
Scammers are now tricking people into clicking malicious links on Facebook, on Twitter and in phishing emails soliciting charitable donations for the Hurricane Harvey flood victims.
Previous disasters have been exploited like this and the bad guys are going at it again. Don't fall for these scams. If you want to make a donation, go directly to the Meriwest home page to find a safe place to donate, or visit the website of the charity of your choice by typing the web address in your browser or use a bookmark.
Do not click on any links in emails, social media pages or text messages you may receive. Please be wary of anything online covering the Hurricane Harvey disaster in the following weeks.... THINK BEFORE YOU CLICK.
Posted on 8/25/2017:
One or more Meriwest Members received a fictitious letter claiming they were a winner in this sweepstakes. This letter included a fake check with a Meriwest logo. There has been an increase in Phishing Scams similar to this.
Posted on 7/29/2017:
One or more Meriwest Members received a fictitious letter claiming they were a winner in a sweepstakes/lottery. This letter included a fake check with a Meriwest logo. There has been an increase in Phishing Scams similar to this.