Important Alert Regarding the U.S. Government Data Breach Incident

alert-resized-600It was recently announced that the U.S. Government has suffered a data breach affecting multiple Federal agencies and approximately 4 million individuals. The Federal Government has confirmed that the information hacked could be used to facilitate identity theft and fraud. The individuals affected are government employees and political appointees.

Below are recommended steps to remain vigilant against possible identity fraud:

  1. Be wary of emails or telephone calls that request information. Neither the U.S. Government nor our financial institution will ask you to provide any information in relation to this possible data breach incident.
  2. Check your Account Statements. Review your statements carefully and repeatedly. Any purchases, large or small, should be verified as a purchase you made.
  3. Check Your Mail and Your Email. Look for mail and emails addressed to you that you do not recognize. This may include credit card accounts, medical bills, or notices from companies with which you do not have a relationship.
  4. Get Help. You are not responsible for fraudulent transactions on your account, but you need to notify us as soon as possible if you see any suspicious activity. In addition, if you are concerned about fraud beyond the transactions on your current account, you may have access to an Identity Fraud Protection program that includes Fully Managed Identity Fraud Research, Remediation, and Recovery Services. We will submit your name to our Recovery Care Center and, within 24 business hours, you will be contacted by an Identity Recovery Advocate who will investigate the situation and work on your behalf to remediate any fraud. Contact us with any questions.
  5. Take Action. If you suspect that your identity has been compromised, you can place a fraud alert on your credit file by calling any one of the three major credit reporting agencies shown below. A fraud alert is a notation on your credit file to warn credit issuers that there may be a problem. The credit issuer is asked to contact you at the telephone number that you supply to validate that you are the person applying for the credit. This is not the same as credit monitoring.

TransUnion: 1.800.916.8800

Experian: 1.888.397.3742    

Equifax: 1.800.685.1111

In accordance with the Fair Credit Reporting Act, it is permissible for consumers to request a free copy of their credit report once every 12 months from each of the three major credit reporting agencies (TransUnion, Experian and Equifax).

To order a free credit report:

Online: www.annualcreditreport.com or by Telephone: 1.877.322.8228

First Financial would like to remind our members that your accounts with us are monitored 24/7 by an experienced team of security professionals for any suspicious or potentially fraudulent activity. First Financial employs the most advanced fraud detection and prevention technology to guard members’ accounts against unauthorized access and use. If our security team observes any unusual activity on member accounts, we will contact members immediately to determine whether the transaction activity is legitimate and authorized.

Don’t wait until it’s too late! Check out First Financial’s ID Theft Protection products – with our Fully Managed Identity Recovery services, you don’t need to worry. A professional Recovery Advocate will do the work on your behalf, based on a plan that you approve. Should you experience an Identity Theft incident, your Recovery Advocate will stick with you all along the way – and will be there for you until your good name is restored and you can try it FREE for 90 days!*

Our ID Theft Protection options may include some of the following services, based on the package you choose to enroll in: Lost Document Replacement, Credit Bureau Monitoring, Score Tracker, and Three-Generation Family Benefit. To learn more about our ID Theft Protection products, click here and enroll today!**

We will continue to monitor all members’ accounts for suspicious activity. If you have any additional questions or concerns, please give us a call at 866.750.0100 or email us at info@firstffcu.com. Thank you for being a valued member of First Financial.

*Available for new enrollments only. After the free trial of 90 days, the member must contact the Credit Union to opt-out of ID Theft Protection or the monthly fee of $4.95 will automatically be deducted out of the base savings account or $8.95 will be deducted out of the First Protection Checking account (depending upon the coverage option selected), on a monthly basis or until the member opts out of the program. **Identity Theft insurance underwritten by subsidiaries or affiliates of Chartis Inc. The description herein is a summary and intended for informational purposes only and does not include all terms, conditions and exclusions of the policies described. Please refer to the actual policies for terms, conditions, and exclusions of coverage. Coverage may not be available in all jurisdictions.

Local Alert: Skimming Device Found on Brick NJ Bank ATM

Woman entering her PIN at an ATMA skimming device was found on a local ATM in Brick, New Jersey at Ocean First Bank this past weekend.  To read the full article from the Asbury Park Press, click here.

Please be careful of such devices and be sure to protect yourself and your bank account by using the following steps:

  • Use secure ATM machines under video surveillance or inside of a bank lobby. They’re less likely to be tampered with!
  • Pay careful attention to what the card reader and keypad normally look like on the ATMs you use most frequently.
  • Don’t use an ATM if the card reader appears to be added on, fits poorly, or is loose. Some thieves place a fake box over the card slot that reads and records account and PIN numbers.
  • Call the customer service number on the ATM immediately if a machine appears suspicious or if it does not function properly.

Don’t wait until it’s too late! Check out First Financial’s ID Theft Protection products – with our Fully Managed Identity Recovery services, you don’t need to worry. A professional Recovery Advocate will do the work on your behalf, based on a plan that you approve. Should you experience an Identity Theft incident, your Recovery Advocate will stick with you all along the way – and will be there for you until your good name is restored and you can try it FREE for 90 days!*

Our ID Theft Protection options may include some of the following services, based on the package you choose to enroll in: Lost Document Replacement, Credit Bureau Monitoring, Score Tracker, and Three-Generation Family Benefit. To learn more about our ID Theft Protection products, click here and enroll today!**

*Available for new enrollments only. After the free trial of 90 days, the member must contact the Credit Union to opt-out of ID Theft Protection or the monthly fee of $4.95 will automatically be deducted out of the base savings account or $8.95 will be deducted out of the First Protection Checking account (depending upon the coverage option selected), on a monthly basis or until the member opts out of the program. 

**Identity Theft insurance underwritten by subsidiaries or affiliates of Chartis Inc. The description herein is a summary and intended for informational purposes only and does not include all terms, conditions and exclusions of the policies described. Please refer to the actual policies for terms, conditions, and exclusions of coverage. Coverage may not be available in all jurisdictions.

NCUA Phishing Scam Alert – March 2015

alert-resized-600Website Uses Logo Similar to NCUA’s, Mimics Website Design and Language

 

ALEXANDRIA, Va. (March 17, 2015) – The National Credit Union Administration has received reports of an online phishing scam that uses a website with a logo and a design similar to the agency’s own site in an attempt to convince unwary customers to provide information or send money.

Consumers have received emails from the National Credit Union website, which apparently originates in Australia and claims to offer services in the United States, Europe and the Commonwealth of Independent States. This website is not affiliated in any way with the National Credit Union Administration, a federal agency, and the emails are not from NCUA.

The emails attempt to persuade individuals to provide personal information, such as Social Security numbers, account numbers and login information, or transfer large amounts of money. Consumers should neither provide information to this website nor attempt to conduct any financial transactions through it. NCUA would not request personal or financial information in this manner. See NCUA’s Privacy Policy for more information.

Consumers receiving such emails should call NCUA’s Fraud Hotline toll-free at 800-827-9650 or 703-518-6550 in the Washington, D.C., area. Consumers should also contact the Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center. NCUA also offers information about avoiding frauds and scams on its MyCreditUnion.gov website.

Consumers who suspect they may have become victims of identity theft should immediately contact their financial institutions and, if necessary, close existing accounts and open new ones. NCUA urges consumers also contact the three major credit bureaus— Equifax (800-525-6285), Experian (888-397-3742) and TransUnion (800-680-7289), to request a fraud alert be placed on their credit reports.

Think you don’t need identity theft protection?  Think again. Check out First Financial’s ID Theft Protection products – with our Fully Managed Identity Recovery services, you don’t need to worry. A professional Recovery Advocate will do the work on your behalf, based on a plan that you approve. Should you experience an Identity Theft incident, your Recovery Advocate will stick with you all along the way – and will be there for you until your good name is restored and you can try it FREE for 90 days!*

Our ID Theft Protection options may include some of the following services, based on the package you choose to enroll in: Lost Document Replacement, Credit Bureau Monitoring, Score Tracker, and Three-Generation Family Benefit. To learn more about our ID Theft Protection products, click here and enroll today!**

*Available for new enrollments only. After the free trial of 90 days, the member must contact the Credit Union to opt-out of ID Theft Protection or the monthly fee of $4.95 will automatically be deducted out of the base savings account or $8.95 will be deducted out of the First Protection Checking account (depending upon the coverage option selected), on a monthly basis or until the member opts out of the program. **Identity Theft insurance underwritten by subsidiaries or affiliates of Chartis Inc. The description herein is a summary and intended for informational purposes only and does not include all terms, conditions and exclusions of the policies described. Please refer to the actual policies for terms, conditions, and exclusions of coverage. Coverage may not be available in all jurisdictions.

Intuit is Working to Resolve Emerging Tax Fraud Problem & Says Issue is Unrelated to TurboTax Product

intuit_blueIntuit Inc. has stated that recent fraud reports are not stemming from a breach of the TurboTax program. Intuit has dedicated all their resources to resolving this issue in conjunction with state and federal agencies.

Intuit has been working with third-party security expert Palantir on a preliminary examination of recent fraud activities, and believes that these instances of fraud did not result from a security breach of its systems and that the information used to file fraudulent returns was obtained from other sources outside the tax preparation process.

Intuit is working with state agencies to address growing concerns over state tax fraud. During this tax season, Intuit and some states have seen an increase in suspicious filings and attempts by criminals to use stolen identity information to file fraudulent state tax returns and claim tax refunds.

“We understand the role we play in this important industry issue and continuously monitor our systems in search of suspicious activity,” said Brad Smith, Intuit president and chief executive officer. “We’ve identified specific patterns of behavior where fraud is more likely to occur. We’re working with the states to share that information and remedy the situation quickly. We will continue to engage them on an ongoing basis in an effort to stop fraud before it gets started.”

As it worked with state governments to assess and resolve the recent issues, Intuit took the precautionary step Thursday, 2/5/15, of temporarily pausing its transmission of state e-filing tax returns. Intuit will be working with the states today to begin turning transmissions back on. Customers who have already filed their state tax returns using Intuit software during this temporary pause will have their returns transmitted as soon as possible. They do not need to take further action at this time. This action does not affect the filing of federal income tax returns, and is limited to those states that require residents to file returns.

To assist any customers who believe they are victims of tax fraud, Intuit has implemented a plan that includes a dedicated toll-free number, 800-944-8596, with direct access to specially trained identity protection agents who will provide comprehensive support and filing assistance. In addition, Intuit will provide identity protection services and free credit monitoring, as well as provide access to all versions of its software or to the assistance of one of Intuit’s credentialed tax experts who will prepare taxes for affected customers at no expense.

“We understand the pain and frustration identity thieves cause taxpayers,” Smith said. “We know how important tax time is and our number-one priority is making sure peoples’ returns are filed timely, accurately, and safely.”  In addition, Intuit will continue to apply the most advanced technologies and techniques on an ongoing basis to prevent and detect any suspicious tax filing activity.

First Financial would like to remind our members that your accounts with us are monitored 24/7 by an experienced team of security professionals for any suspicious or potentially fraudulent activity. First Financial employs the most advanced fraud detection and prevention technology to guard members’ accounts against unauthorized access and use.

  • If our security team observes any unusual activity on member accounts, we will contact members immediately to determine whether the transaction activity is legitimate and authorized.
  • It is also a good practice for members to keep a watchful eye on their accounts and transactions and look for any unauthorized activity or purchases.

Don’t wait until it’s too late! Check out First Financial’s ID Theft Protection products – with our Fully Managed Identity Recovery services, you don’t need to worry. A professional Recovery Advocate will do the work on your behalf, based on a plan that you approve. Should you experience an Identity Theft incident, your Recovery Advocate will stick with you all along the way – and will be there for you until your good name is restored and you can try it FREE for 90 days!*

Our ID Theft Protection options may include some of the following services, based on the package you choose to enroll in: Lost Document Replacement, Credit Bureau Monitoring, Score Tracker, and Three-Generation Family Benefit. To learn more about our ID Theft Protection products, click here and enroll today!**

We will continue to monitor all members’ accounts for suspicious activity. If you have any additional questions or concerns, please give us a call at 866.750.0100 or email us at info@firstffcu.com. Thank you for being a valued member of First Financial.

*Available for new enrollments only. After the free trial of 90 days, the member must contact the Credit Union to opt-out of ID Theft Protection or the monthly fee of $4.95 will automatically be deducted out of the base savings account or $8.95 will be deducted out of the First Protection Checking account (depending upon the coverage option selected), on a monthly basis or until the member opts out of the program. **Identity Theft insurance underwritten by subsidiaries or affiliates of Chartis Inc. The description herein is a summary and intended for informational purposes only and does not include all terms, conditions and exclusions of the policies described. Please refer to the actual policies for terms, conditions, and exclusions of coverage. Coverage may not be available in all jurisdictions.

Article Source: http://investors.intuit.com/press-releases/press-release-details/2015/Intuit-Working-With-State-Governments-to-Solve-Emerging-Tax-Fraud-Problem/default.aspx

 

 

Important Alert: January 2015 USPS Email Scam Advisory

BEWARE OF SPAM! BOGUS E-MAILS SENT TO POSTAL CUSTOMERS

alert-resized-600

Some postal customers are receiving bogus e-mails about a package delivery or online postage charges. The e-mails contain a link or attachment that, when opened, installs a malicious virus that can steal personal information from your PC.

The e-mails claim to be from the U.S. Postal Service and contain fraudulent information about an attempted or intercepted package delivery or online postage charges. You are instructed to click on a link, open the attachment, or print the label.

But Postal Inspectors warn: Don’t do it! Like most viruses sent by e-mail, clicking on the link or opening the attachment will activate a virus that can steal information — such as your user name, password, and financial account information.

What to do? Simply delete the message without taking any further action. The Postal Inspection Service is working hard to resolve the issue and shut down the malicious program.

If you have questions about a delivery or wish to report spam, please call 1-800-ASK-USPS or email spam@uspis.gov.

There’s a New Security Vulnerability Named POODLE and It’s Not Cute and Cuddly

poodleA new security hole was recently discovered in a basic protocol used for encrypting web traffic. Its name is POODLE, which stands for Padding Oracle on Downgraded Legacy Encryption, and it was discovered by three Google security researchers who published a paper about it.

POODLE affects SSLv3 or version 3 of the Secure Socket Layer protocol, which is used to encrypt traffic between a browser and a web site, or between a user’s email client and mail server. SSL is a cryptographic protocol used to provide encryption and authentication security. SSLv3 is the most recent variant – and has been widely used in browsers including Google Chrome, Mozilla Firefox, IE, Opera, and Safari. Primarily all browsers on Windows PCs, Windows Servers, Macs, tablets and smart phones may be affected. Additionally, SSLv3 is also used on Unix and Linux platforms.

This threat is not as serious as the recent Heartbleed and Shellshock vulnerabilities, but POODLE could allow an attacker to hijack and decrypt the session cookie that identifies you to a service like Twitter or Google, and then take over your accounts without needing your password.

To exploit the vulnerability, you must be running javascript, and the attacker has to be on the same network as you — for example, on the same public Wi-Fi network you’re using. This makes it less severe than an attack that can be conducted remotely against any computer on the Internet.

The attack works only on traffic sessions using SSLv3. Although this is an old protocol that has been replaced in many client and server configurations with TLS (Transport Layer Security), many browser clients and web servers that use TLS for connections still support SSLv3. Some products and browsers, like Internet Explorer 6 for Windows XP, only use SSLv3. There are also clients that support SSLv3 as an alternative to use whenever a TLS connection to a web server fails. An attacker could exploit this compatibility to downgrade a connection to SSLv3 and then conduct the POODLE attack to hijack your session.

“This attack is really against clients — you have to worry about it if you’re in a place like Starbucks,” says Rob Graham, CEO of Erratasec. “If you’re at home there’s probably no need to panic.”

Heartbleed and Shellshock were vulnerabilities that allowed an attacker to hack a server. POODLE instead targets the clients.

“The fear of rushing to go fix this is very low because of that,” Graham says. “People with servers can’t get hacked, and people with vulnerable clients also can’t get hacked unless they’re on an open Wi-Fi.”

RECOMMENDATIONS

Taking into consideration that this information could be overwhelming, the best practice is to upgrade older versions of browsers and disable SSLv3, as there is no other fix available at this time.

The following browsers support TLS 1.0 (and must be configured to disable SSLv3):

  • Google Chrome v1
  • Firefox v1
  • Internet Explorer v7
  • Safari v1

It is also recommended to upgrade email versions that use TLS 1.1:

  • Apple Mail (OS X Panther)
  • Outlook 2003 (SP2) or higher
  • Outlook Express 4.0 or higher
  • Thunderbird 2.0
  • Entourage 2008

First Financial updates our systems regularly and your data security is the highest priority.  Should you have any further questions or concerns regarding this matter, please contact Member Services at 866.750.0100 or email info@firstffcu.com.

Article Source: http://www.wired.com/2014/10/poodle-explained/