Social Media Policy
Debit Card Protection
In our ongoing efforts to protect our members from Debit card fraud, we may require you to use your PIN when performing certain transactions at major retailers. The PIN provides an extra layer of security when using your Debit card, and allows us to better determine whether a transaction is legitimate or fraudulent. If you have any questions regarding these requirements please contact us at 800-933-3280.
Important Resources on Identity Theft
Click on this link from the Federal Trade Commission (FTC), a National Resource for Identity Theft:
Click on this link from The New Jersey State Police for additional information on Identity Theft:
Click on this link from the Internet Crime Complaint Center to file a complaint with the federal government:
Fraud Prevention & Security Center
Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.
9/4/14 Home Depot Card Breach
Please know that Financial Resources has conducted an initial review of our entire card database and will be monitoring all accounts and activity closely for any potentially compromised cards or fraudulent activity. We encourage you to monitor your account and if you believe any activity to not be legitimate please notify us as soon as possible so we may work with you to implement further protective measures. We will provide members with further updates as we obtain more specific and confirmed information.
As a reminder Financial Resources’ members can easily monitor their accounts with online banking and mobile banking as well as receive text message alerts related to account activity. If you do not have online or mobile banking, signing up is quick and easy.
8/28/14 JP Morgan & other banks
We take security threats very seriously and prioritize the security of your account information and credentials. You may have heard about the recent cyber-attack against JP Morgan and other banks. Our online banking vendor has strong security measures in place to prevent our vulnerability to attacks like this.
8/18/14 Spoofed e-mail address used in a phishing campaign
Sample fraudulent email:
Incoming Transactions Report
An incoming money transfer has been received by your financial institution and the funds deposited to account.
Initiated By: Fiserv Inc.
Initiated Date & Time: Fri, 15 Aug 2014 23:00:11 +0700
Batch ID: 976
Please view the attached file to review the transaction details.
How to protect yourself against phishing attacks
- Install an antivirus app on both your personal computer and your mobile device and keep it updated.
- Do not click on attachments in suspicious emails.
- Perform regular backups of data.
- Don’t view or share personal information over a public wi-fi network.
8/08/14 Russian Hackers Steal 1.2B Passwords
8/1/14 IRS Warns of Pervasive Telephone Scam
The IRS will always send taxpayers a written notification of any tax due via the U.S. mail. The IRS never asks for credit card, debit card or prepaid card information over the telephone. For more information or to report a scam, go to www.irs.gov and type “scam” in the search box.
People have reported a particularly aggressive phone scam in the last several months. Immigrants are frequently targeted. Potential victims are threatened with deportation, arrest, having their utilities shut off, or having their driver’s licenses revoked. Callers are frequently insulting or hostile – apparently to scare their potential victims. Potential victims may be told they are entitled to big refunds, or that they owe money that must be paid immediately to the IRS. When unsuccessful the first time, sometimes phone scammers call back trying a new strategy.
How to recognize IRS scams
Scammers may be able to recite the last four digits of a victim’s Social Security number.
Scammers spoof the IRS toll-free number on caller ID to make it appear that it’s the IRS calling.
Scammers sometimes send bogus IRS emails to some victims to support their bogus calls.
Victims hear background noise of other calls being conducted to mimic a call site.
After threatening victims with jail time or driver’s license revocation, scammers hang up and others soon call back pretending to be from the local police or DMV, and the caller ID supports their claim.
If you know you owe taxes or you think you might owe taxes, call the IRS at 1.800.829.1040. The IRS employees at that line can help you with a payment issue, if there really is such an issue.
If you know you don’t owe taxes or have no reason to think that you owe any taxes (for example, you’ve never received a bill or the caller made some bogus threats as described above), then call and report the incident to the Treasury Inspector General for Tax Administration at 1.800.366.4484.
If you’ve been targeted by this scam, you should also contact the Federal Trade Commission and use their “FTC Complaint Assistant” at FTC.gov. Please add “IRS Telephone Scam” to the comments of your complaint.
Taxpayers should be aware that there are other unrelated scams (such as a lottery sweepstakes) and solicitations (such as debt relief) that fraudulently claim to be from the IRS.
The IRS encourages taxpayers to be vigilant against phone and email scams that use the IRS as a lure. The IRS does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels. The IRS also does not ask for PINs, passwords or similar confidential access information for credit card, bank or other financial accounts. Recipients should not open any attachments or click on any links contained in the message. Instead, forward the e-mail to firstname.lastname@example.org. More information on how to report phishing scams involving the IRS is available on the genuine IRS website, IRS.gov.
6/18/14 Svpeng and Dyreza Mobile Banking Malware
Recently a mobile banking security threat was discovered. As with any security issue, your security is our top priority. We do not believe our applications are vulnerable at this time and are working with our vendor to understand scope and impact of this new threat.
What is Svpeng?
Svpeng is a new malicious malware, ransomware app for Android devices. Svpeng searches for specific mobile banking apps on the device, then locks the device and demands money to unlock it. In the U.S., Svpeng breaks into a mobile device through a social engineering campaign using text messages.
Svpeng capabilities include:
- Spoofing legitimate banking applications
- Stealing personal banking information
- Capturing user input, including passwords
- Sending SMS messages to premium numbers without user’s knowledge resulting in charges
- Stealing SMS messages
- Stealing contact information and pictures
- Tracking user location
What is Dyreza?
Dyreza or “Dyre” is a new family of banking malware that redirects the traffic to malicious servers, while end users think they have a secure connection with their legitimate online banking site. Dyreza is spread through spam e-mail messages such as “Your FED TAX payment ID [random number]” and “RE: Invoice #[random number].” These messages contain a “.zip” file often hosted on legitimate domains, to minimize suspicion.
Opening this file infects the computer with the malware. Using a technique called “browser hooking” Dyrezea views unencrypted web traffic in the Internet Explorer, Chrome and Firefox browsers and captures an end user’s credentials by sending the user to malicious servers, while the end user thinks they are securely connected to their financial institution’s legitimate website.
Is my iPhone vulnerable to Svpeng and Dyreza?
iPhones and Android devices use different operating systems. Svpeng specifically targets the Android operating system. Dyreza does not target mobile devices; it exploits Internet Explorer, Chrome and Firefox browsers.
We recommend end users employ security best practices to proactively mitigate this threat including:
Installing an antivirus app and keeping it updated
Avoiding installing Android apps from third-party websites or unreliable sources
Reading the permissions requested by every application before installing
Performing regular backup of data stored in Android devices
Protecting devices with a password
Not viewing or sharing personal information over a public Wi-Fi network
If you have a specific concern regarding your account, please contact Financial Resources at 1.800.933.3280.