At Sperry, the security of both your assets and information is a top priority.
We go above and beyond credit union industry best practices to protect your valuable personal information, as well as monitor your Sperry accounts for fraudulent activities. As such, Sperry's online systems are closely monitored and constantly updated to protect against emerging threats.
That being said, it is important to remember that the security of your personal information cannot rely on these measures alone. When it comes to fraudulent activity and catching the fraudsters who engage in criminal acts, we all have the responsibility to protect ourselves by keeping up-to-date on the latest scams.
Some simple tips include:
- Protecting your P.I.N. - Always use your hand to shield your P.I.N. as you enter it. If the fraudsters do not have your P.I.N., they won't be able to use a clone of your debit card for P.I.N.-based transactions.
- Protecting your Online/Mobile Banking login credentials - Never, ever, give anybody access to your online or mobile banking login credentials - no matter what. Always be sure to protect your sensitive account information!
- When In Doubt, Give Sperry a Shout - If something seems fishy or unusual, such as an email you've received asking for your Sperry online banking ID and password, don't hesitate to give us a call.
- Remember - Sperry will never contact you online to ask for your account numbers, social security number, or online banking username or password!
Following these tips is a good start to ensuring that your accounts are kept secure. Unfortunately, there are scammers everywhere - so vigilance and education are both key! The information that is provided on this page can help keep your sensitive financial information safe, so check back often. You can find a comprehensive list of resources below the Scam Alerts section.
Sperry Scam Alerts: Keep Up-to-Date on the Latest!
Beware of Gmail Calendar Phishing Scam
If you use Google’s free calendar service to schedule business or personal events, be on the lookout for fake notifications going around. The bad guys are using unsolicited Google Calendar notifications to trick you into clicking phishing links so they can steal your information or install malware on your computer.
Here’s how it works: Scammers send a realistic-looking Google Calendar invite complete with a meeting topic and location information. Some of these fake events even claim that you’re entitled to a cash payment. The event details contain a link that you’re prompted to click to “see more information”. At first glance, the link appears to take you to a Google website, but beware! If you click the link your computer could be infected with malware, or your bank (or other) account information could be stolen if you unknowingly provide any data to the scammers.
Remember the following to avoid falling for scams like this:
• Never click links in emails or in calendar notifications that you weren’t expecting. Even if you were expecting an email or an event invite, pick up the phone or use an alternative channel of communication to confirm whether the sender is legitimate.
• Always hover over links to see where they’re taking you before clicking. The link may take you to a different address from the URL that is shown.
• Don’t fall victim by clicking a link to gain something of value–like an unexpected payment. If something sounds too good to be true, it probably is. Delete suspicious emails or follow the reporting procedures put in place by your organization.
Beware of Voicemail Phishing Scams
If your organization uses online voicemail services, you’ve probably used links in notification emails to check your new messages. Lately, scammers are creating look-alike notification messages that trick you into giving up your login credentials.
The fake voicemail notifications take you through a series of steps. They'll first prompt you to click a link to listen to your "new message". Then, you’re directed to a web page containing another link to click on so you can finally listen to your "new message".
If you click this link, you’re brought to a realistic-looking Microsoft sign-in page where you’re prompted for your email and password. If you enter your login details here, the bad guys will have full access to your account, where they can steal sensitive data or perform further attacks on your organization.
Remember the following to stay safe:
• Before clicking, always hover over links to see where they’re taking you.
• If you’re already logged into your email account, you shouldn’t be prompted to log in again. When asked to log in to an online service you’re using, type the web address into your browser yourself, rather than using unexpected links.
• Get familiar with the format of your voicemail notification emails. If you’re ever in doubt, contact the proper department in your organization before you click on any links or download attachments.
Brand Impersonation Attacks are at an All-Time High
According to recent reports, phishing attacks that use brand impersonation are at an all-time high. Cyber criminals are posing as familiar companies so they can trick you and get access to your account in order to steal sensitive data or target additional employees.
Here’s how it typically happens: Attackers send you a standard-looking email appearing to be from a service or company that you use, such as Office 365. Clicking the link in the email will take you to a fake (but very realistic) login page. The most deceiving part of some of these fake pages is that the web address appears to be safe. The URL may end with a legitimate domain like “windows.net”, because the bad guys are hosting these pages with Microsoft’s Azure cloud services. If you enter your information here, the bad guys will gain access to one or more of your accounts which they can use to steal data or plan further attacks on your organization.
Remember the following to protect yourself from your inbox:
• Look out for strange or suspicious domains in sender addresses. Even if the domain looks legitimate, check again. Does the email say “micronsoft.com” instead of “microsoft.com”?
• Before clicking, always hover over links to see where they are taking you. Never click on a link in a message unless you’re certain the sender is legitimate.
• Whenever you get an email from an online service you use, log in to your account through your browser (not through links in the email) to check whether the email message is valid.
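For readers who triage reported emails, the three checks above (look-alike sender or link domains, pages hosted under a shared cloud suffix such as "windows.net", and link text that differs from the real destination) can be automated. The following is an added example, not Sperry's own tooling; the trusted-domain list, the shared-hosting list, the function names and the sample messages are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed lists: domains the organisation really uses; cloud suffixes anyone can publish under.
TRUSTED = {"microsoft.com", "office.com", "google.com"}
SHARED_HOSTING = {"windows.net"}

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def base_domain(host):
    """Last two labels only; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def host_of(text):
    """Hostname of a URL or of a bare 'www.example.com/path' string."""
    text = text.strip()
    return (urlsplit(text if "://" in text else "//" + text).hostname or "").lower()

def check_message(sender, link_text, href):
    """Findings for one sender address and one link (visible text plus real target)."""
    findings = []
    target = host_of(href)
    target_dom = base_domain(target)
    sender_dom = base_domain(sender.rsplit("@", 1)[-1])
    for label, dom in (("sender", sender_dom), ("link", target_dom)):
        near = sorted(t for t in TRUSTED if edit_distance(dom, t) <= 2)
        if dom not in TRUSTED and near:
            findings.append(f"{label} domain {dom} resembles {near[0]}")
    if target_dom in SHARED_HOSTING:
        findings.append(f"link host {target} is customer content on {target_dom}")
    shown = host_of(link_text) if "." in link_text and " " not in link_text.strip() else ""
    if shown and base_domain(shown) != target_dom:
        findings.append(f"link text shows {shown} but leads to {target}")
    return findings

# Constructed sample messages: (sender, visible link text, actual href)
SAMPLES = [
    ("alerts@micronsoft.com", "Review activity", "https://login.micronsoft.com/signin"),
    ("it@microsoft.com", "portal.office.com", "https://example.blob.core.windows.net/login"),
    ("no-reply@microsoft.com", "View message", "https://www.office.com/"),
]
for sample in SAMPLES:
    print(sample[0], "->", check_message(*sample) or "no findings")
```

A sender domain that passes these checks can still be spoofed, so the result is a triage signal to combine with the phone-call verification described above.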
Memorial Day Scams
The bad guys are known to use holidays to try to get you to click on a dangerous link or download a malicious attachment. Whether you're traveling this Memorial Day weekend, or staying home to take advantage of online shopping deals, be cautious when performing any types of online transactions. Be suspicious of any out-of-the-ordinary emails, and be mindful of what information you're sharing over your phone when you're on the road.
Here are some things to look out for this approaching Memorial Day weekend:
• Scammers are known to pose as charities asking for donations around holidays. Never click on links or download attachments from unexpected emails, unless you're certain the sender is legitimate.
• Attackers often pose as familiar online retailers, offering deals that seem too good to be true. If you find unbelievable offers in your inbox, navigate to that retailer's website through your browser (not through links in the email) to check whether the email message is valid.
• If you're traveling this holiday weekend, turn your mobile device's Bluetooth off when not in use. Cyber criminals can pair with your phone's open Bluetooth connection and steal personal information.
That Free Avengers: Endgame Download? It's a Scam!
If you’re looking to stream or download blockbuster movies when they’re still in theaters, you probably shouldn’t. Why not? Well, first and foremost, this is called piracy and it is illegal. Secondly, any “free downloads” you do find will likely be a scam.
Recently, a popular search engine result for Avengers: Endgame claims to offer either a download or a full viewing of the blockbuster hit. The movie even begins streaming automatically, but you’re prompted to make an account shortly after. Creating an account is free, but you soon find that you must “validate” your account using your credit card details.
Don’t be fooled! If it seems too good to be true, it probably is. Remember the following to stay safe when browsing online:
• Never download anything from an unfamiliar or questionable website, especially if the download could be stolen, and therefore illegal, material.
• Never give information to a website you can’t trust. Even if you don’t enter credit card data, simply creating an account makes your email address more vulnerable to future scams–especially phishing attacks.
• Never reuse passwords. If you create an account on a dangerous site, scammers will try to use your email and password combination to break into your other accounts.
You Won't "LIKE" These Instagram Scams
Some of the latest social media phishing scams are making their way through Instagram right now. These attacks trick you into giving up your account’s login credentials so the bad guys can take over your account and further spread their malicious tricks.
Here’s how it works: You’ll receive a message from an Instagram user. The message claims they’ve seen some of your photos ranked on a “Hot List”, or even a so-called “Nasty List”. The message leads you to a fake Instagram account to see your ranking. The scammers include a dangerous, shortened link in their Instagram account profile, and use an enticing message to get you to click. Once you’ve clicked this link, you’re directed to a fake, but identical-looking Instagram login page. Don’t log in! If you enter your information here, it will be instantly sent to the bad guys.
Remember these tips when using social media platforms:
• Never open or respond to social media messages from strangers. Even if the message appears to be from someone you know, be cautious; their account may have been hacked.
• Shortened links are often used on mobile phones and social media profiles. If you can’t see the full address of where a link is taking you, don’t click! Wait until you can view the link on a desktop, and avoid clicking suspicious links altogether.
• Using shocking content to entice you is one of the oldest tricks in the book of phishing scams. If you receive an email or message claiming that your photos were seen somewhere, this is likely a scam. Don’t respond, and delete the message immediately.
A Spike in Malicious PDF File Scams
PDF files are commonly used in most organizations, regardless of what industry you work in. That’s why PDFs are often thought of as a “safe” file type. Do you hesitate to open them?
Over the past few months, there’s been an increase in the bad guys taking advantage of this trusted file type. They’re finding ways to hide malware in PDFs so they make it past the security filters your organization has in place. Most often, the malware is executed once you open the PDF and click on a misleading link in the file. A different PDF attack steals your login details when you open the file.
Always remember, never open an attachment unless you have asked for it. Even if the attachment appears to come from someone you know, pick up the phone to verify it’s legitimate.
Additional resources, sourced from the NCUA and others:
- Avoiding Social Engineering and Phishing Attacks
- Avoiding Tax Scams
- How to Spot Fake Checks
- Preventing and Responding to Identity Theft
- Phishing Prevention
- Preventing Malware
- The Dangers of Identity Theft
- Computer Security
- Spotting Internet Fraud
- Choosing Secure Passwords and Protecting Your Information
- Keeping Your Personal Information Safe and Secure
- Preventing Tax-Related Identity Theft
Resources to Help Combat Elderly Abuse and Fraud, and Senior Issues: