_SecurityAlert - Welcome to Water & Power Community Credit Union

WPCU Home » _SecurityAlert

New Security Threat

August 2007

Please be on the look out for a new computer virus that may be on your computer. This virus may cause a fraudulent screen to appear in the online Bill Pay window. The screen posts messages that attempt to trick you into providing sensitive information such as your account number and password. Our Bill Pay system already has this information so you do not need to provide it again.

If you are using online Bill Pay and a new screen appears out of context asking you to provide sensitive information, do not provide this information.

If you’re in doubt about the validity of a screen, please call a Member Service Representative at 800-300-9728 for assistance.

Best Practices for Online Security
To help prevent fraud, you should:

Delete any emails without opening it if you don't recognize the sender.
Do not open attachments. If an attachment comes from an unrecognized sender, delete it immediately.
Only install software from trusted sources and known origin. Software sent via email is particularly dangerous as viruses are often transmitted via email.
Install and maintain Antivirus and Anti-Spyware software on your computer.
Update your computer operating system and web browser software to benefit from the latest security protections.
Pay attention to warning messages presented through your browser. Browser warning messages may indicate a security threat.

Report Email Fraud

If you think you have received a suspicious email, pop-up ad or have been directed to a suspicious looking website, file a Federal Trade Commission (FTC) Consumer Complaint and an Internet Fraud Complaint Center (IFCC) Complaint.

If you have entered personal information in response to a fraudulent email, you should act immediately to reduce the risk of becoming a victim. Here's what to do:

Report the incident to the WPCCU Member Service Representative at (800) 300-9728.
Contact these credit bureaus and instruct them to flag your accounts with a "fraud alert."
- Equifax Fraud Hotline (800) 525-6285
- Experian Fraud Hotline (888) 397-3742
- TransUnion Fraud Hotline (800) 680-7289
Contact credit card companies if you provided card account information in the phishing scam. Close any affected accounts so that they are registered as "closed at customer request."
File a FTC Identity Theft Complaint with the FTC or call the FTC Identity Theft Hotline at (877) 438-4338.
File a Social Security Administration (SSA) Fraud Report with the Social Security Administration if you entered your Social Security number in response to a fraudulent email. You can also call the SSA Fraud Hotline at (800) 269-0271.

As a WPCCU member, the security of your accounts and personal information are a priority to us. We will work in cooperation with you and law enforcement agencies to investigate any suspicious activity.

Credit Solicitations

Businesses can obtain information about you from public records such as those available at Los Angeles County Registrar-Recorders Office. They may use this information to market their services, and sometimes make reference to our credit union. WPCCU cannot control or restrict the use of publicly available information about you, nor do we authorize these businesses to use our name. There are some steps you can take to minimize these and other types of direct mail solicitations.

You can contact credit-reporting agencies directly and ask that your name be removed from unsolicited credit offers from credit card companies and financial institutions. You may call (888) 5-OPT-OUT (5678-688) or write to:

Experian
P.O. Box 9556
Allen, TX 75013

Equifax
P.O. Box 740241
Atlanta, GA 30374

Trans Union
P.O. Box 97328
Jackson, MI 39288-7328.

Direct Mail and Telemarketing Solicitations

You can contact the Direct Marketing Association (DMA) and ask that your name be removed from lists used for direct mail and telephone solicitations. This will eliminate advertising from companies that subscribe to the DMA services, but there are many other companies that do not subscribe. For the companies that do not subscribe, you will need to contact them directly.

Mail Preference Services

Direct Marketing Association
P.O. Box 9008
Farmingdale, NY 11735-9008

Telephone Preference Service

Direct Marketing Service
P.O. Box 9014
Farmingdale, NY 11735-9014

For additional questions about our Privacy Policy, please contact Water and Power Community Credit Union at 800-300-9728 or you can write us at Water and Power Community Credit Union, Attn: Compliance, 1053 West Sunset Blvd., Los Angeles, CA 90012-2134.

Phishing Scam

April 2007 -

We have learned of an email circulating to the general public requesting personal member information by visiting a specific website and taking part in a survey for $50.00. The email contains the CU Swirl Logo and the CUSC Network; providing much of the "look and feel" of the organizations (see screenshot below). This is not a valid request for information from CUSC or CU Service Centers and that you should never send sensitive information such as passwords, credit card numbers, social security numbers, secret words, or PINs in an email or submit it through a website. In addition, you should never click directly on links in an email that requests sensitive information, even if you recognize and trust the address. These links can redirect you to a fake -- though very real looking -- Web site.

Email Phishing Scam

Credit & Debit Card Compromise Warning

January 2007 -

On Jan 17, 2007, the TJX Companies, Inc. (TJX) reported that they had experienced a breach of security involving consumer information. An unauthorized individual gained access to the computer database of a company that processes credit card and debit card transactions for the TJX companies. TJX owns and operates U.S. retail chains such as T.J.Maxx, Marshall 's, HomeGoods, A.J. Wright, and Bob's Stores.

Although Mastercard account data may have been exposed in this incident, it does not necessarily mean data related to your account was taken or that fraud has occurred or will occur. The data is limited to credit card and check card information and does not impact your membership account information. There is an ongoing investigation of this intrusion by law enforcement authorities and TJX is working with all major credit card companies, including MasterCard, to provide them with information as it becomes available. If we receive information that any of our members’ information has been compromised, we will send out notification to the affected members.

Please be assured that there was no breach of WPCCU's computer and security systems and all member personal account information is safe and secure and unaffected by this incident. We recommend that our members monitor their debit and credit activity and notify us immediately of any suspect transactions.

If you believe that your MasterCard credit or debit card shows fraudulent activity, please contact WPCCU immediately at 1-800-449-7728. In addition, TJX has set up a toll-free customer help line at 1-866-484-6978.

Fraudulent Emails

December 2006 -
There is an email that is being sent out with the CU Swirl log on it and referring to a $25 reward survey if you click on the link and provide personal information such as card number, pin number, and account number. DO NOT OPEN THIS EMAIL. The email may possibly contain a virus.

Screenshot of the fraudulent email:

September 2006 -
Emails fraudulently claiming to be from the FDIC are attempting to trick recipients into installing unknown software on personal computers. These emails falsely indicate that recipients should install software that was developed by the FDIC and other agencies. The software may be a form of spyware or malicious code and may collect personal or confidential information.

Scenario
The subject line of the email includes the phrase, "Urgent Notification - Security Reminder." The email requests that recipients click on a hyperlink that appears to be related to the FDIC, which directs recipients to an unknown executable file to be downloaded.

DO NOT RESPOND TO THE EMAIL OR CLICK ON THE LINK.

This information is not being requested nor has it been authorized by Water and Power Community Credit Union. Water and Power Community Credit Union is taking every precaution to protect your privacy. You will never be asked by one of our representatives to disclose your password, social security number, account number, or personal information through an email.

Top